chore: update lockfile

fix(nvim): allow unfree nvim plugins
2026-05-06 19:41:05 +02:00 · 2026-05-06 19:41:00 +02:00 · 2026-04-30 18:33:01 +02:00 · 2026-04-30 18:28:53 +02:00 · 2026-04-30 17:20:02 +02:00 · 2026-04-30 15:31:07 +02:00
143 changed files with 1890 additions and 1651 deletions
--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
 use flake
--- a/.gitignore
+++ b/.gitignore
@@ -9,4 +9,5 @@ result-*
 nixos-efi-vars.fd
-/.pre-commit-config.yaml
+.direnv/
 .pre-commit-config.yaml
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# NixOS flake
+# ❄️ NixOS flake
 ## hosts
--- a/deploy/colmena.nix
+++ b/deploy/colmena.nix
@@ -8,29 +8,27 @@ let
  utils = import ../utils { inherit lib; };
  hostDirNames = utils.dirNames ../hosts;
-  mkNode = hostname: tags: {
+  mkNode = hostname: meta: {
    imports = [ ../hosts/${hostname} ];
    deployment = {
-      targetHost = self.nixosConfigurations.${hostname}.config.ssh.publicHostname;
+      inherit (meta.deployment) targetHost targetUser tags;
-      targetUser = self.nixosConfigurations.${hostname}.config.ssh.username;
+      buildOnTarget = builtins.any (t: t != "local" && t != "arm") meta.deployment.tags;
      buildOnTarget = builtins.any (t: t != "local") tags;
      inherit tags;
    };
  };
-  nodes = lib.genAttrs hostDirNames (hostname:
+  nodes = lib.genAttrs hostDirNames (hostname: mkNode hostname (utils.hostMeta ../hosts/${hostname}));
    mkNode hostname (utils.hostMeta ../hosts/${hostname}).deployment.tags
  );
 in
-inputs.colmena.lib.makeHive {
+inputs.colmena.lib.makeHive (
  {
    meta = {
-    nixpkgs = import inputs.nixpkgs {
+      nixpkgs = import inputs.nixpkgs { localSystem = "x86_64-linux"; };
-      localSystem = "x86_64-linux";
+      specialArgs = {
        inherit inputs;
        outputs = self;
        dotsPath = ../dots;
        myUtils = utils;
      };
    nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;
    nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs or { }) self.nixosConfigurations;
    };
  inherit nodes;
  }
  // nodes
 )
--- a/dots/.bash_aliases/all
+++ b/dots/.bash_aliases/all
@@ -27,8 +27,6 @@ alias ipa="ip -brief address"
 alias ipl="ip -brief link"
 alias ipr="ip route"
 alias clip="xclip -sel clip"
 alias df="df -kTh"
 alias fzfpac="pacman -Slq | fzf -m --preview 'pacman -Si {1}' | xargs -ro sudo pacman -S"
 alias path='echo -e ${PATH//:/\\n}' # Pretty print path variables
--- a/dots/.bashrc.d/editor
+++ b/dots/.bashrc.d/editor
@@ -4,3 +4,4 @@
 # Set NeoVim as default editor
 export EDITOR=nvim
 export SUDO_EDITOR="$EDITOR"
 export SYSTEMD_EDITOR="$EDITOR"
--- a/dots/.bin/git-cb
+++ b/dots/.bin/git-cb
@@ -1,221 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 readonly ALLOWED_MAIN_BRANCHES=("main" "master" "develop")
 readonly BRANCH_TYPES=(
  "feat      For new features"
  "hotfix    For urgent fixes"
  "fix       For fixes"
  "release   For preparing releases"
  "chore     For non-code tasks"
 )
 error() {
  echo "Error: $1" >&2
  exit 1
 }
 warn() {
  echo "Warning: $1" >&2
 }
 check_dependencies() {
  local missing=()
  for cmd in git fzf; do
    if ! command -v "$cmd" &> /dev/null; then
      missing+=("$cmd")
    fi
  done
  if [[ ${#missing[@]} -gt 0 ]]; then
    error "Missing required commands: ${missing[*]}"
  fi
 }
 check_git_repo() {
  if ! git rev-parse --git-dir &> /dev/null; then
    error "Not in a git repository"
  fi
 }
 check_current_branch() {
  local current_branch
  current_branch=$(git branch --show-current)
  local is_main_branch=false
  for branch in "${ALLOWED_MAIN_BRANCHES[@]}"; do
    if [[ "$current_branch" == "$branch" ]]; then
      is_main_branch=true
      break
    fi
  done
  if [[ "$is_main_branch" == false ]]; then
    warn "Not branching from a main branch (current: $current_branch)"
    read -rp "Continue anyway? [y/N] " response
    if [[ ! "$response" =~ ^[Yy]$ ]]; then
      exit 0
    fi
  fi
 }
 get_user_email() {
  local email
  email=$(git config --get user.email 2>/dev/null)
  if [[ -z "$email" ]]; then
    error "Git user email not configured. Run: git config user.email 'your@email.com'"
  fi
  echo "$email"
 }
 select_branch_type() {
  local selected
  selected=$(printf '%s\n' "${BRANCH_TYPES[@]}" | \
    fzf --prompt="Select branch type: " \
        --height=40% \
        --border \
        --info=inline) || error "Branch type selection cancelled"
  echo "${selected%% *}"
 }
 select_jira_ticket() {
  local email=$1
  if ! command -v jira &> /dev/null; then
    warn "Jira CLI not found. Proceeding without ticket ID."
    return 0
  fi
  echo "Fetching Jira tickets for $email..." >&2
  local jira_data
  jira_data=$(jira issue list --assignee="$email" --order-by=priority --plain --no-headers 2>/dev/null) || {
    warn "Could not fetch Jira tickets. Proceeding without ticket ID."
    return 0
  }
  if [[ -z "$jira_data" ]]; then
    warn "No Jira tickets found. Proceeding without ticket ID."
    return 0
  fi
  echo "$jira_data" >&2
  echo "" >&2
  local formatted_tickets
  formatted_tickets=$(echo "$jira_data" | awk '{
    ticket_id = $2
    $1 = $2 = ""
    description = $0
    gsub(/^[ \t]+/, "", description)
    if (length(description) > 60) {
      description = substr(description, 1, 57) "..."
    }
    print ticket_id " - " description
  }')
  if [[ -z "$formatted_tickets" ]]; then
    warn "No tickets to display. Proceeding without ticket ID."
    return 0
  fi
  local selected_ticket
  selected_ticket=$(echo -e "SKIP - Create branch without ticket ID\n$formatted_tickets" | \
    fzf --prompt="Select Jira ticket (or skip): " \
        --height=40% \
        --border \
        --info=inline) || error "Ticket selection cancelled"
  if [[ "$selected_ticket" != "SKIP"* ]]; then
    echo "${selected_ticket%% -*}"
  fi
 }
 get_branch_description() {
  local ticket_id=$1
  local editor="${EDITOR:-vi}"
  local tmpfile
  tmpfile=$(mktemp)
  trap "rm -f '$tmpfile'" EXIT
  if [[ -n "$ticket_id" ]]; then
    cat > "$tmpfile" << EOF
 # Selected ticket: $ticket_id
 # Enter your branch description below in kebab-case (e.g., my-description):
 # The ticket ID will be automatically included in the branch name.
 # Lines starting with # will be ignored.
 EOF
  else
    cat > "$tmpfile" << 'EOF'
 # Enter your branch description below in kebab-case (e.g., my-description):
 # Lines starting with # will be ignored.
 EOF
  fi
  "$editor" "$tmpfile" < /dev/tty > /dev/tty
  local desc
  desc=$(grep -v '^#' "$tmpfile" | tr -d '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
  echo "$desc"
 }
 validate_description() {
  local desc=$1
  if [[ -z "$desc" ]]; then
    error "No description provided"
  fi
  if [[ ! "$desc" =~ ^[a-z0-9]+(-[a-z0-9]+)*$ ]]; then
    error "Invalid branch description format.\nUse lowercase letters, numbers, and hyphens only.\nNo trailing or consecutive hyphens allowed.\nExample: my-feature-description"
  fi
 }
 create_branch() {
  local type=$1
  local ticket_id=$2
  local desc=$3
  local branch
  if [[ -n "$ticket_id" ]]; then
    branch="$type/$ticket_id-$desc"
  else
    branch="$type/$desc"
  fi
  if git show-ref --verify --quiet "refs/heads/$branch"; then
    error "Branch '$branch' already exists"
  fi
  echo ""
  echo "Creating branch: $branch"
  git checkout -b "$branch"
 }
 main() {
  check_dependencies
  check_git_repo
  check_current_branch
  local email
  email=$(get_user_email)
  local type
  type=$(select_branch_type)
  echo "About to call select_jira_ticket" >&2
  local ticket_id=""
  ticket_id=$(select_jira_ticket "$email")
  local desc
  desc=$(get_branch_description "$ticket_id")
  validate_description "$desc"
  create_branch "$type" "$ticket_id" "$desc"
 }
 main "$@"
--- a/dots/.bin/save-zk
+++ b/dots/.bin/save-zk
@@ -1,4 +0,0 @@
 #!/usr/bin/env bash
 cd "$ZK_PATH" || echo "No zettelkasten directory found"
 git a . && git commit -m "Update" && git push
--- a/dots/.bin/setup-zk
+++ b/dots/.bin/setup-zk
@@ -1,20 +0,0 @@
 #!/bin/bash
 if [ ! -d ~/.zk ]; then
    echo "[zk] Setting up zettelkasten"
    gh repo clone zk ~/.zk
 else
    echo "[zk] Zettelkasten already set up."
 fi
 read -p "Would you like open your zettelkasten? [y/N] " -n 1 -r
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]; then
  if [ -x "$(command -v zk)" ]; then
    zk
  else
    echo "Error: 'zk' command not found or not executable"
    exit 1
  fi
 fi
--- a/dots/.config/nvim/after/plugin/codecompanion.nvim.lua
+++ b/dots/.config/nvim/after/plugin/codecompanion.nvim.lua
@@ -13,6 +13,7 @@ if ok then
  cc_config.interactions = cc_config.interactions or {}
  cc_config.interactions.chat = cc_config.interactions.chat or {}
  cc_config.interactions.chat.tools = cc_config.interactions.chat.tools or {}
  cc_config.interactions.chat.variables = cc_config.interactions.chat.variables or {}
  require("mcphub.extensions.codecompanion").setup({
    make_vars = true,
--- a/dots/.config/nvim/after/plugin/hydra.lua
+++ b/dots/.config/nvim/after/plugin/hydra.lua
@@ -0,0 +1,35 @@
 local hydra_repl = "hydra-repl"
 if not vim.fn.executable(hydra_repl) then
  return
 end
 local function send(lines)
  vim.system({ hydra_repl, table.concat(lines, "\n") })
 end
 local function get_paragraph(buf)
  local start_ = vim.fn.search("^$", "bnW")
  local end_ = vim.fn.search("^$", "nW") - 1
  if end_ < vim.api.nvim_win_get_cursor(0)[1] then
    end_ = vim.api.nvim_buf_line_count(buf)
  end
  return vim.api.nvim_buf_get_lines(buf, start_, end_, false)
 end
 local function get_selection(buf)
  return vim.api.nvim_buf_get_lines(buf, vim.fn.line("'<") - 1, vim.fn.line("'>"), false)
 end
 vim.api.nvim_create_autocmd("FileType", {
  pattern = "javascript",
  callback = function(e)
    if vim.fn.fnamemodify(vim.api.nvim_buf_get_name(e.buf), ":e") ~= "hydra" then
      return
    end
    local buf = e.buf
    vim.keymap.set("n", "<CR>", function() send(get_paragraph(buf)) end, { buffer = buf, desc = "hydra: send block" })
    vim.keymap.set("v", "<CR>", function() send(get_selection(buf)) end, { buffer = buf, desc = "hydra: send selection" })
  end,
 })
--- a/dots/.config/nvim/after/plugin/lspconfig.lua
+++ b/dots/.config/nvim/after/plugin/lspconfig.lua
@@ -87,7 +87,6 @@ local servers = {
  },
  openscad_ls = {},
  pyright = {},
  -- tsserver = {},
  svelte = {
    plugin = {
      svelte = {
@@ -96,7 +95,6 @@ local servers = {
    },
  },
  tailwindcss = {},
  -- vtsls = {},
  ts_ls = {},
  -- vtsls = {
  --   maxTsServerMemory = 16384,
--- a/dots/.config/nvim/after/plugin/luasnip.lua
+++ b/dots/.config/nvim/after/plugin/luasnip.lua
@@ -1,23 +1,5 @@
 local ls = require("luasnip")
 local s = ls.snippet
 local sn = ls.snippet_node
 local t = ls.text_node
 local i = ls.insert_node
 local f = ls.function_node
 local c = ls.choice_node
 local d = ls.dynamic_node
 local r = ls.restore_node
 local l = require("luasnip.extras").lambda
 local rep = require("luasnip.extras").rep
 local p = require("luasnip.extras").partial
 local m = require("luasnip.extras").match
 local n = require("luasnip.extras").nonempty
 local dl = require("luasnip.extras").dynamic_lambda
 local fmt = require("luasnip.extras.fmt").fmt
 local fmta = require("luasnip.extras.fmt").fmta
 local conds = require("luasnip.extras.expand_conditions")
 ls.config.set_config({
  history = true,
  update_events = "TextChanged,TextChangedI",
@@ -27,287 +9,5 @@ ls.config.set_config({
  store_selection_keys = "<Tab>",
 })
 local function copy(args)
  return args[1]
 end
 local function bash(_, _, command)
  local file = io.popen(command, "r")
  local res = {}
  if file then
    for line in file:lines() do
      table.insert(res, line)
    end
  end
  return res
 end
 local date_input = function(args, snip, old_state, date_format)
  print(args, snip, old_state)
  return sn(nil, i(1, os.date(date_format or "%Y-%m-%d")))
 end
 -- -- FIXME: EXAMPLE
 -- ls.add_snippets("all", {
 --   -- arg1: trigger `fn`,
 --   -- arg2: nodes to insert into buffer on expansion.
 --   s("fn", {
 --     t("//Parameters: "),    -- Text.
 --     f(copy, 2),             -- 1: function, 2: placeholders to copy text from
 --     t({ "", "function " }), -- placeholder/insert.
 --     i(1),
 --     t("("),                 -- placeholder with initial text.
 --     i(2, "int foo"),        -- linebreak
 --     t({ ") {", "\t" }),     -- last placeholder, snippet exit point
 --     i(0),
 --     t({ "", "}" }),
 --   }),
 --   s("class", {
 --     -- Choice: Switch between two different Nodes, first parameter is its position, second a list of nodes.
 --     c(1, {
 --       t("public "),
 --       t("private "),
 --     }),
 --     t("class "),
 --     i(2),
 --     t(" "),
 --     c(3, {
 --       t("{"),
 --       -- sn: Nested Snippet. Instead of a trigger, it has a position, just like insert-nodes. !!! These don't expect a 0-node!!!!
 --       -- Inside Choices, Nodes don't need a position as the choice node is the one being jumped to.
 --       sn(nil, {
 --         t("extends "),
 --         -- restoreNode: stores and restores nodes.
 --         -- pass position, store-key and nodes.
 --         r(1, "other_class", i(1)),
 --         t(" {"),
 --       }),
 --       sn(nil, {
 --         t("implements "),
 --         -- no need to define the nodes for a given key a second time.
 --         r(1, "other_class"),
 --         t(" {"),
 --       }),
 --     }),
 --     t({ "", "\t" }),
 --     i(0),
 --     t({ "", "}" }),
 --   }),
 --   -- Alternative printf-like notation for defining snippets. It uses format
 --   -- string with placeholders similar to the ones used with Python's .format().
 --   s(
 --     "fmt1",
 --     fmt("To {title} {} {}.", {
 --       i(2, "Name"),
 --       i(3, "Surname"),
 --       title = c(1, { t("Mr."), t("Ms.") }),
 --     })
 --   ),
 --   -- To escape delimiters use double them, e.g. `{}` -> `{{}}`.
 --   -- Multi-line format strings by default have empty first/last line removed.
 --   -- Indent common to all lines is also removed. Use the third `opts` argument
 --   -- to control this behaviour.
 --   s(
 --     "fmt2",
 --     fmt(
 --       [[
 -- 		foo({1}, {3}) {{
 -- 			return {2} * {4}
 -- 		}}
 -- 		]],
 --       {
 --         i(1, "x"),
 --         rep(1),
 --         i(2, "y"),
 --         rep(2),
 --       }
 --     )
 --   ),
 --   -- Empty placeholders are numbered automatically starting from 1 or the last
 --   -- value of a numbered placeholder. Named placeholders do not affect numbering.
 --   s(
 --     "fmt3",
 --     fmt("{} {a} {} {1} {}", {
 --       t("1"),
 --       t("2"),
 --       a = t("A"),
 --     })
 --   ),
 --   -- The delimiters can be changed from the default `{}` to something else.
 --   s("fmt4", fmt("foo() { return []; }", i(1, "x"), { delimiters = "[]" })),
 --   -- `fmta` is a convenient wrapper that uses `<>` instead of `{}`.
 --   s("fmt5", fmta("foo() { return <>; }", i(1, "x"))),
 --   -- By default all args must be used. Use strict=false to disable the check
 --   s(
 --     "fmt6",
 --     fmt("use {} only", { t("this"), t("not this") }, { strict = false })
 --   ),
 --   -- Use a dynamic_node to interpolate the output of a
 --   -- function (see date_input above) into the initial
 --   -- value of an insert_node.
 --   s("novel", {
 --     t("It was a dark and stormy night on "),
 --     d(1, date_input, {}, { user_args = { "%A, %B %d of %Y" } }),
 --     t(" and the clocks were striking thirteen."),
 --   }),
 --   -- Parsing snippets: First parameter: Snippet-Trigger, Second: Snippet body.
 --   -- Placeholders are parsed into choices with 1. the placeholder text(as a snippet) and 2. an empty string.
 --   -- This means they are not SELECTed like in other editors/Snippet engines.
 --   ls.parser.parse_snippet(
 --     "lspsyn",
 --     "Wow! This ${1:Stuff} really ${2:works. ${3:Well, a bit.}}"
 --   ),
 --   -- When wordTrig is set to false, snippets may also expand inside other words.
 --   ls.parser.parse_snippet(
 --     { trig = "te", wordTrig = false },
 --     "${1:cond} ? ${2:true} : ${3:false}"
 --   ),
 --   -- When regTrig is set, trig is treated like a pattern, this snippet will expand after any number.
 --   ls.parser.parse_snippet({ trig = "%d", regTrig = true }, "A Number!!"),
 --   -- Using the condition, it's possible to allow expansion only in specific cases.
 --   s("cond", {
 --     t("will only expand in c-style comments"),
 --   }, {
 --     condition = function(line_to_cursor, matched_trigger, captures)
 --       -- optional whitespace followed by //
 --       return line_to_cursor:match("%s*//")
 --     end,
 --   }),
 --   -- there's some built-in conditions in "luasnip.extras.expand_conditions".
 --   s("cond2", {
 --     t("will only expand at the beginning of the line"),
 --   }, {
 --     condition = conds.line_begin,
 --   }),
 --   -- The last entry of args passed to the user-function is the surrounding snippet.
 --   s(
 --     { trig = "a%d", regTrig = true },
 --     f(function(_, snip)
 --       return "Triggered with " .. snip.trigger .. "."
 --     end, {})
 --   ),
 --   -- It's possible to use capture-groups inside regex-triggers.
 --   s(
 --     { trig = "b(%d)", regTrig = true },
 --     f(function(_, snip)
 --       return "Captured Text: " .. snip.captures[1] .. "."
 --     end, {})
 --   ),
 --   s({ trig = "c(%d+)", regTrig = true }, {
 --     t("will only expand for even numbers"),
 --   }, {
 --     condition = function(line_to_cursor, matched_trigger, captures)
 --       return tonumber(captures[1]) % 2 == 0
 --     end,
 --   }),
 --   -- Use a function to execute any shell command and print its text.
 --   s("bash", f(bash, {}, "ls")),
 --   -- Short version for applying String transformations using function nodes.
 --   s("transform", {
 --     i(1, "initial text"),
 --     t({ "", "" }),
 --     -- lambda nodes accept an l._1,2,3,4,5, which in turn accept any string transformations.
 --     -- This list will be applied in order to the first node given in the second argument.
 --     l(l._1:match("[^i]*$"):gsub("i", "o"):gsub(" ", "_"):upper(), 1),
 --   }),
 --   s("transform2", {
 --     i(1, "initial text"),
 --     t("::"),
 --     i(2, "replacement for e"),
 --     t({ "", "" }),
 --     -- Lambdas can also apply transforms USING the text of other nodes:
 --     l(l._1:gsub("e", l._2), { 1, 2 }),
 --   }),
 --   s({ trig = "trafo(%d+)", regTrig = true }, {
 --     -- env-variables and captures can also be used:
 --     l(l.CAPTURE1:gsub("1", l.TM_FILENAME), {}),
 --   }),
 --   -- Set store_selection_keys = "<Tab>" (for example) in your
 --   -- luasnip.config.setup() call to populate
 --   -- TM_SELECTED_TEXT/SELECT_RAW/SELECT_DEDENT.
 --   -- In this case: select a URL, hit Tab, then expand this snippet.
 --   s("link_url", {
 --     t('<a href="'),
 --     f(function(_, snip)
 --       -- TM_SELECTED_TEXT is a table to account for multiline-selections.
 --       -- In this case only the first line is inserted.
 --       return snip.env.TM_SELECTED_TEXT[1] or {}
 --     end, {}),
 --     t('">'),
 --     i(1),
 --     t("</a>"),
 --     i(0),
 --   }),
 --   -- Shorthand for repeating the text in a given node.
 --   s("repeat", { i(1, "text"), t({ "", "" }), rep(1) }),
 --   -- Directly insert the ouput from a function evaluated at runtime.
 --   s("part", p(os.date, "%Y")),
 --   -- use matchNodes (`m(argnode, condition, then, else)`) to insert text
 --   -- based on a pattern/function/lambda-evaluation.
 --   -- It's basically a shortcut for simple functionNodes:
 --   s("mat", {
 --     i(1, { "sample_text" }),
 --     t(": "),
 --     m(1, "%d", "contains a number", "no number :("),
 --   }),
 --   -- The `then`-text defaults to the first capture group/the entire
 --   -- match if there are none.
 --   s("mat2", {
 --     i(1, { "sample_text" }),
 --     t(": "),
 --     m(1, "[abc][abc][abc]"),
 --   }),
 --   -- It is even possible to apply gsubs' or other transformations
 --   -- before matching.
 --   s("mat3", {
 --     i(1, { "sample_text" }),
 --     t(": "),
 --     m(
 --       1,
 --       l._1:gsub("[123]", ""):match("%d"),
 --       "contains a number that isn't 1, 2 or 3!"
 --     ),
 --   }),
 --   -- `match` also accepts a function in place of the condition, which in
 --   -- turn accepts the usual functionNode-args.
 --   -- The condition is considered true if the function returns any
 --   -- non-nil/false-value.
 --   -- If that value is a string, it is used as the `if`-text if no if is explicitly given.
 --   s("mat4", {
 --     i(1, { "sample_text" }),
 --     t(": "),
 --     m(1, function(args)
 --       -- args is a table of multiline-strings (as usual).
 --       return (#args[1][1] % 2 == 0 and args[1]) or nil
 --     end),
 --   }),
 --   -- The nonempty-node inserts text depending on whether the arg-node is
 --   -- empty.
 --   s("nempty", {
 --     i(1, "sample_text"),
 --     n(1, "i(1) is not empty!"),
 --   }),
 --   -- dynamic lambdas work exactly like regular lambdas, except that they
 --   -- don't return a textNode, but a dynamicNode containing one insertNode.
 --   -- This makes it easier to dynamically set preset-text for insertNodes.
 --   s("dl1", {
 --     i(1, "sample_text"),
 --     t({ ":", "" }),
 --     dl(2, l._1, 1),
 --   }),
 --   -- Obviously, it's also possible to apply transformations, just like lambdas.
 --   s("dl2", {
 --     i(1, "sample_text"),
 --     i(2, "sample_text_2"),
 --     t({ "", "" }),
 --     dl(3, l._1:gsub("\n", " linebreak ") .. l._2, { 1, 2 }),
 --   }),
 -- }, {
 --   key = "all",
 -- })
 require("luasnip.loaders.from_lua").lazy_load({ paths = { "~/.config/nvim/snips" } })
 require("luasnip.loaders.from_vscode").lazy_load({ paths = { "~/.config/Code - Insiders/User/snippets" } })
--- a/dots/.config/nvim/after/plugin/m_taskwarrior_d.nvim.lua
+++ b/dots/.config/nvim/after/plugin/m_taskwarrior_d.nvim.lua
@@ -1,9 +0,0 @@
 -- require("m_taskwarrior_d").setup()
 --
 -- vim.api.nvim_create_autocmd({ "BufEnter", "BufWritePost" }, {
 --   group = vim.api.nvim_create_augroup("TWTask", { clear = true }),
 --   pattern = "*.md",
 --   callback = function()
 --     vim.cmd("TWSyncTasks")
 --   end,
 -- })
--- a/dots/.config/nvim/after/plugin/nvim-highlight-colors.lua
+++ b/dots/.config/nvim/after/plugin/nvim-highlight-colors.lua
@@ -1,3 +1 @@
 vim.opt.termguicolors = true
 require("nvim-highlight-colors").setup({})
--- a/dots/.config/nvim/after/plugin/nvim-lint.lua
+++ b/dots/.config/nvim/after/plugin/nvim-lint.lua
@@ -28,9 +28,6 @@ require("lint").linters_by_ft = {
  yaml = { "yamllint" },
 }
 -- TODO: Wouldn't it be possible / nice to only try to load the linters when they are
 -- actually needed?
 vim.api.nvim_create_autocmd({ "BufEnter", "BufWritePost", "InsertLeave" }, {
  callback = function()
    require("lint").try_lint()
--- a/dots/.config/nvim/after/plugin/vim-tidal.vim.lua
+++ b/dots/.config/nvim/after/plugin/vim-tidal.vim.lua
@@ -1,16 +1,28 @@
-vim.cmd([[
+vim.g.tidal_default_config = { socket_name = "default", target_pane = "tidal:1.1" }
-" Tidalcycles (sclang and vim-tidal)
+vim.g.tidal_no_mappings = 1
 let g:tidal_default_config = {"socket_name": "default", "target_pane": "tidal:1.1"}
 let g:tidal_no_mappings = 1
-au FileType tidal nm <buffer> <leader>ep <Plug>TidalParagraphSend
+vim.api.nvim_create_autocmd("FileType", {
-au FileType tidal nm <buffer> <leader>ee <Plug>TidalLineSend
+  pattern = "tidal",
-au FileType tidal nnoremap <buffer> <leader>h :TidalHush<cr>
+  callback = function(e)
-au FileType tidal com! -nargs=1 S :TidalSilence <args>
+    local buf = e.buf
-au FileType tidal com! -nargs=1 P :TidalPlay <args>
+    vim.keymap.set("n", "<leader>ep", "<Plug>TidalParagraphSend", { buffer = buf, desc = "Tidal: send paragraph" })
-au FileType tidal com! -nargs=0 H :TidalHush
+    vim.keymap.set("n", "<leader>ee", "<Plug>TidalLineSend", { buffer = buf, desc = "Tidal: send line" })
    vim.keymap.set("n", "<leader>h", ":TidalHush<cr>", { buffer = buf, desc = "Tidal: hush" })
    vim.api.nvim_buf_create_user_command(buf, "S", "TidalSilence <args>", { nargs = 1 })
    vim.api.nvim_buf_create_user_command(buf, "P", "TidalPlay <args>", { nargs = 1 })
    vim.api.nvim_buf_create_user_command(buf, "H", "TidalHush", { nargs = 0 })
  end,
 })
-" SuperCollider
+-- SuperCollider
-au BufEnter,BufWinEnter,BufNewFile,BufRead *.sc,*.scd se filetype=supercollider
+vim.api.nvim_create_autocmd({ "BufEnter", "BufWinEnter", "BufNewFile", "BufRead" }, {
-au Filetype supercollider packadd scvim
+  pattern = { "*.sc", "*.scd" },
-]])
+  callback = function()
    vim.bo.filetype = "supercollider"
  end,
 })
 vim.api.nvim_create_autocmd("FileType", {
  pattern = "supercollider",
  command = "packadd scvim",
 })
--- a/dots/.config/nvim/after/plugin/wiki.vim.lua
+++ b/dots/.config/nvim/after/plugin/wiki.vim.lua
@@ -1,6 +1,8 @@
 require("zk.utils")
 vim.cmd([[
 " Change local buffer to directory of current file after the plugin has loaded
-autocmd VimEnter * lcd %:p:h
+execute 'autocmd BufEnter' g:zk_path . '/*.md' 'silent lcd %:p:h'
 " " Override wiki index mapping to also cd into the wiki
 nm <leader>ww <plug>(wiki-index)
@@ -11,11 +13,16 @@ nm <leader>ww <plug>(wiki-index)
 " nm <leader>s <plug>(wiki-link-follow-split)
 " nm <leader>v <plug>(wiki-link-follow-vsplit)
-autocmd BufEnter *.md if expand('%:t') =~ '_' | echo 'hierarchical relation' | endif
+function! ZKContextualEcho()
-autocmd BufEnter *.md if expand('%:t') =~ '--' | echo 'relation' | endif
+  let l:name = expand('%:t')
-autocmd BufEnter *.md if expand('%:t') =~ '<>' | echo 'dichotomy' | endif
+  if l:name =~ '_' | echo 'hierarchical relation'
-autocmd BufEnter *.md if expand('%:t') =~ 'my-' | echo 'personal file' | endif
+  elseif l:name =~ '--' | echo 'relation'
-autocmd BufEnter *.md if expand('%:t') =~ 'project_' | echo 'project file' | endif
+  elseif l:name =~ '<>' | echo 'dichotomy'
  elseif l:name =~ 'my-' | echo 'personal file'
  elseif l:name =~ 'project_' | echo 'project file'
  endif
 endfunction
 execute 'autocmd BufEnter' g:zk_path . '/*.md' 'call ZKContextualEcho()'
 " Only load wiki.vim for zk directory
 let g:wiki_index_name='index'
@@ -76,7 +83,7 @@ let g:wiki_templates = [
 "
 let g:wiki_filetypes=['md']
-let g:wiki_root='~/.zk'
+let g:wiki_root=g:zk_path
 let g:wiki_global_load=0
 let g:wiki_link_creation = {
      \ 'md': {
--- a/dots/.config/nvim/flake.lock
+++ b/dots/.config/nvim/flake.lock
@@ -42,11 +42,11 @@
    },
    "nixCats": {
      "locked": {
-        "lastModified": 1770584904,
+        "lastModified": 1777273601,
-        "narHash": "sha256-9Zaz8lbKF2W9pwXZEnbiGsicHdBoU+dHt3Wv3mCJoZ8=",
+        "narHash": "sha256-xBUa8Tl9V7IXI+VmLEuDc81La/EhoSn1C3EVSnJ3cfU=",
        "owner": "BirdeeHub",
        "repo": "nixCats-nvim",
-        "rev": "538fdde784d2909700d97a8ef307783b33a86fb1",
+        "rev": "f69ea013e328841a7def7037ed59788a76be8816",
        "type": "github"
      },
      "original": {
@@ -73,11 +73,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1770843696,
+        "lastModified": 1777270315,
-        "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
+        "narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
+        "rev": "6368eda62c9775c38ef7f714b2555a741c20c72d",
        "type": "github"
      },
      "original": {
@@ -106,11 +106,11 @@
    "plugins-helm-ls-nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1768584652,
+        "lastModified": 1773934114,
-        "narHash": "sha256-jnMc87OjURNcqsva0npYgVyUrWc5C6L7yHpNvt9eSmg=",
+        "narHash": "sha256-8trqFsA7nTKSdtkiAL0Sa9bXjh5ONtAqN7XNE/B8ukM=",
        "owner": "qvalentin",
        "repo": "helm-ls.nvim",
-        "rev": "f0b9a1723890971a6d84890b50dbf5f40974ea1b",
+        "rev": "20df43509b02a3ce3c6b3eee254d6e2bffa9a370",
        "type": "github"
      },
      "original": {
--- a/dots/.config/nvim/flake.nix
+++ b/dots/.config/nvim/flake.nix
@@ -45,13 +45,38 @@
      inherit (nixCats) utils;
      luaPath = ./.;
      forEachSystem = utils.eachSystem nixpkgs.lib.platforms.all;
-      extra_pkg_config = { };
+      extra_pkg_config = {
        allowUnfreePredicate =
          pkg:
          builtins.elem (nixpkgs.lib.getName pkg) [
            "vim-sandwich"
            "jupytext.nvim"
            "eyeliner.nvim"
            "context_filetype.vim"
            "editorconfig-vim"
            "unicode.vim"
            "quarto-nvim"
            "vim-openscad"
            "lsp_lines.nvim"
            "nvim-highlight-colors"
            "nvim-lint"
          ];
      };
      mkDependencyOverlays = system: [
        (utils.standardPluginOverlay inputs)
        (_final: _prev: {
          mcp-hub = inputs.mcp-hub.packages.${system}.default;
        })
        (_: prev: {
          luajitPackages = prev.luajitPackages.overrideScope (
            _: lprev: {
              neotest = lprev.neotest.overrideAttrs (_: {
                doCheck = false;
              });
            }
          );
        })
      ];
      categoryDefinitions =
@@ -62,9 +87,11 @@
        {
          lspsAndRuntimeDeps = with pkgs; {
            general = [
              nodejs_24
              black
              clang
              clang-tools
              curl # → plenary-nvim, mcp-hub
              delta
              emmet-language-server
              eslint_d
@@ -78,8 +105,8 @@
              mcp-hub
              nixd
              nixfmt
-              nodePackages.prettier
+              prettier
-              nodePackages.typescript-language-server
+              typescript-language-server
              ormolu
              prettierd
              rust-analyzer
@@ -88,6 +115,8 @@
              stylelint
              stylua
              tree-sitter
              tailwindcss-language-server
              typescript-language-server
              vscode-langservers-extracted
              vtsls
              yaml-language-server
--- a/dots/.config/nvim/ftplugin/json.lua
+++ b/dots/.config/nvim/ftplugin/json.lua
@@ -1,15 +1,12 @@
 local json_newline = function()
  local line = vim.api.nvim_get_current_line()
  if line == "" then
    print("line is empty")
    return "o"
  elseif string.byte(line, -1) == string.byte(",") then
    return "o"
  elseif string.byte(line, -1) == string.byte("{") then
    print("line ends with '{'")
    return "o"
  elseif string.byte(line, -1) == string.byte("}") then
    print("line ends with '}'")
    return "o"
  else
    return "A,<CR>"
--- a/dots/.config/nvim/lua/base.lua
+++ b/dots/.config/nvim/lua/base.lua
@@ -26,5 +26,4 @@ set lcs=trail:·,tab:→\ ,nbsp:␣         " Whitespace rendering
 set ar                                 " Autoread
 set spellsuggest+=5                    " Limit spell suggestions
 set wildignore+=*/node_modules/*,*/tmp/*,*.so,*.swp,*.zip
 " set thesaurus+=./thesaurus/mthesaur.txt " FIXME
 ]])
--- a/dots/.config/nvim/lua/ftdetect.lua
+++ b/dots/.config/nvim/lua/ftdetect.lua
@@ -9,5 +9,6 @@ vim.filetype.add({
    ["%.env.*"] = "dotenv",
    ["%.pl$"] = "prolog",
    [".*.containerfile.*"] = "dockerfile",
    ["%.hydra$"] = "javascript",
  },
 })
--- a/dots/.config/nvim/lua/keymaps.lua
+++ b/dots/.config/nvim/lua/keymaps.lua
@@ -1,60 +1,57 @@
-vim.cmd([[
+vim.g.mapleader = " "
-" Leader keys
+vim.g.maplocalleader = ";"
 let mapleader = " "
 let maplocalleader = ";"
 " Splits & navigation
 nm s <c-w>           " Split horizontal
 nm ss :sp<CR><c-w>w| " Split horizontal
 nm sv :vs<CR><c-w>w| " Split vertical
 nm sw <c-w>w|        " Navigate splits
 nm sh <c-w>h|        "
 nm sj <c-w>j|        "
 nm sk <c-w>k|        "
 nm sl <c-w>l|        "
 nn sH <c-w>8<|       " Resize splits
 nn sJ <c-w>8-|       "
 nn sK <c-w>8+|       "
 nn sL <c-w>8>|       "
 nn s= <c-w>=|        " Equalize splits
 " Open
 nn sb :Lex<cr>|          " File tree
 nn <leader><leader> :noh<cr> |"
 nn <leader>t :term<cr>| " Open terminal
 " Remaps
 ino <nowait> jj <esc>|   " Normal now
 nn  <left>  <nop>|       " Hard mode
 nn  <down>  <nop>|       " "
 nn  <up>    <nop>|       " "
 nn  <right> <nop>|       " "
 ino <left>  <nop>|       " "
 ino <down>  <nop>|       " "
 ino <up>    <nop>|       " "
 ino <right> <nop>|       " "
 " Search
 nn <c-_> :noh<cr>| " map 'ctrl + /'
 " Line numbers
 nn <leader>n :set nu! rnu!<cr>
 " Vim configuration
 nn <leader>ec :vs $MYVIMRC<cr>
 nn <leader>so :so %<cr>
 ]])
 local set = vim.keymap.set
-set("n", "<leader>cx", "<cmd>!chmod +x %<CR>", { silent = true, desc = "Run `chmod +x` on current file" })
+-- splits & navigation
-set("n", "yp", "<cmd>let @+ = expand('%r')<CR>:p<CR>", { silent = true, desc = "Yank path" })
+set("n", "s", "<c-w>", { desc = "window prefix" })
 set("n", "ss", ":sp<CR><c-w>w", { desc = "split horizontal" })
 set("n", "sv", ":vs<CR><c-w>w", { desc = "split vertical" })
 set("n", "sw", "<c-w>w", { desc = "navigate splits" })
 set("n", "sh", "<c-w>h", { desc = "focus left split" })
 set("n", "sj", "<c-w>j", { desc = "focus below split" })
 set("n", "sk", "<c-w>k", { desc = "focus above split" })
 set("n", "sl", "<c-w>l", { desc = "focus right split" })
 set("n", "sH", "<c-w>8<", { desc = "shrink split left" })
 set("n", "sJ", "<c-w>8-", { desc = "shrink split down" })
 set("n", "sK", "<c-w>8+", { desc = "grow split up" })
 set("n", "sL", "<c-w>8>", { desc = "grow split right" })
 set("n", "s=", "<c-w>=", { desc = "equalize splits" })
-- Remap native NeoVim comment keymaps
+-- open
-set({ "n", "x" }, "<leader>c", "gc", { remap = true, desc = "Toggle comment" })
+set("n", "sb", ":Lex<cr>", { desc = "file tree" })
-set("n", "<leader>cc", "gcc", { remap = true, desc = "Toggle comment line" })
+set("n", "<leader><leader>", ":noh<cr>", { desc = "clear highlights" })
-set("o", "<leader>c", "gc", { remap = true, desc = "Comment textobject" })
+set("n", "<leader>t", ":term<cr>", { desc = "open terminal" })
-- Move lines
+-- remaps
-set("v", "K", ": '<,'>move '<-2<cr>gv")
+set("i", "jj", "<esc>", { nowait = true, desc = "exit insert mode" })
-set("v", "J", ": '<,'>move '>+1<cr>gv")
+set("n", "<left>", "<nop>")
 set("n", "<down>", "<nop>")
 set("n", "<up>", "<nop>")
 set("n", "<right>", "<nop>")
 set("i", "<left>", "<nop>")
 set("i", "<down>", "<nop>")
 set("i", "<up>", "<nop>")
 set("i", "<right>", "<nop>")
 -- search
 set("n", "<c-_>", ":noh<cr>", { desc = "clear search highlight" })
 -- line numbers
 set("n", "<leader>n", ":set nu! rnu!<cr>", { desc = "toggle line numbers" })
 -- vim configuration
 set("n", "<leader>ec", ":vs $MYVIMRC<cr>", { desc = "edit vimrc" })
 set("n", "<leader>so", ":so %<cr>", { desc = "source current file" })
 set("n", "<leader>cx", "<cmd>!chmod +x %<CR>", { silent = true, desc = "run `chmod +x` on current file" })
 set("n", "yp", "<cmd>let @+ = expand('%r')<CR>:p<CR>", { silent = true, desc = "yank path" })
 -- remap native NeoVim comment keymaps
 set({ "n", "x" }, "<leader>c", "gc", { remap = true, desc = "toggle comment" })
 set("n", "<leader>cc", "gcc", { remap = true, desc = "toggle comment line" })
 set("o", "<leader>c", "gc", { remap = true, desc = "comment textobject" })
 -- move lines
 set("v", "K", ": '<,'>move '<-2<cr>gv", { desc = "move selection up" })
 set("v", "J", ": '<,'>move '>+1<cr>gv", { desc = "move selection down" })
--- a/dots/.config/nvim/lua/zk/cmp.lua
+++ b/dots/.config/nvim/lua/zk/cmp.lua
@@ -13,13 +13,19 @@ local function get_markdown_files(base)
  return items
 end
 function source:get_keyword_pattern()
  return "[%w%./%-]*"
 end
 function source:complete(params, callback)
  local cursor_before_line = params.context.cursor_before_line
  local cursor_after_line = params.context.cursor_after_line or ""
-  local trigger = cursor_before_line:match("%[[^%]]*%]%(([^)]*)$")
+  if not cursor_before_line:match("%[[^%]]*%]%(") then
    callback({})
    return
  end
  if trigger ~= nil then
  local items = get_markdown_files(".")
  local next_char = cursor_after_line:sub(1, 1)
@@ -32,9 +38,6 @@ function source:complete(params, callback)
  end
  callback(items)
  else
    callback({})
  end
 end
 function source:get_trigger_characters()
--- a/dots/.config/nvim/lua/zk/init.lua
+++ b/dots/.config/nvim/lua/zk/init.lua
@@ -1,9 +1,10 @@
 require("zk.cmp")
 require("zk.utils")
 vim.cmd([[
 let s:zk_preview_enabled = 0
 let s:live_server_job = -1
-au BufEnter /home/h/.zk/*.md silent exe '!echo "%" > /home/h/.zk/current-zettel.txt'
+execute 'au BufEnter' g:zk_path . '/*.md' 'silent exe "!echo %" ">" g:zk_path . "/current-zettel.txt"'
 function! ToggleZKPreview()
    if s:zk_preview_enabled == 1
        let s:zk_preview_enabled = 0
@@ -11,10 +12,10 @@ function! ToggleZKPreview()
        au! ZKPreview
    else
        let s:zk_preview_enabled = 1
-        let s:live_server_job = jobstart('live-server --watch=/home/h/.zk/current-zettel-content.html --open=current-zettel-content.html --port=8080')
+        let s:live_server_job = jobstart('live-server --watch=' . g:zk_path . '/current-zettel-content.html --open=current-zettel-content.html --port=8080')
        augroup ZKPreview
-          au BufEnter /home/h/.zk/*.md silent exe '!cat "%:r.html" > /home/h/.zk/current-zettel-content.html'
+          execute 'au BufEnter' g:zk_path . '/*.md' 'silent exe "!cat %:r.html" ">" g:zk_path . "/current-zettel-content.html"'
-          au BufWritePost /home/h/.zk/*.md silent exe '!make && cat "%:r.html" > /home/h/.zk/current-zettel-content.html'
+          execute 'au BufWritePost' g:zk_path . '/*.md' 'silent exe "!make && cat %:r.html" ">" g:zk_path . "/current-zettel-content.html"'
        augroup END
    endif
 endfunction
--- a/dots/.config/nvim/lua/zk/utils.lua
+++ b/dots/.config/nvim/lua/zk/utils.lua
@@ -0,0 +1,2 @@
 vim.g.zk_path = os.getenv("ZK_PATH") or (os.getenv("HOME") .. "/.zk")
 return vim.g.zk_path
--- a/dots/.config/nvim/snips/all.lua
+++ b/dots/.config/nvim/snips/all.lua
@@ -17,7 +17,7 @@ local LOCALHOST_IP = "127.0.0.1"
 return {
  s({ trig = "fn", desc = "Filename" }, { f(TM_FILENAME_BASE) }),
-  s({ trig = "fne", dscr = "Filename (+extension)" }, { f(TM_FILENAME) }),
+  s({ trig = "fne", desc = "Filename (+extension)" }, { f(TM_FILENAME) }),
  s({ trig = "hm" }, { t(NAME) }),
  s({ trig = "loho" }, { t(LOCALHOST) }),
  s({ trig = "lohoi" }, { t(LOCALHOST_IP) }),
--- a/dots/.config/nvim/snips/css.lua
+++ b/dots/.config/nvim/snips/css.lua
@@ -5,112 +5,112 @@ local i = ls.insert_node
 return {
  -- Flex
-  s({ trig = "b1", dscr = "Add 'border: 1px <color>;'" }, {
+  s({ trig = "b1", desc = "Add 'border: 1px <color>;'" }, {
    t("border: 1px solid "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "dfl", dscr = "Add 'display: flex;'" }, {
+  s({ trig = "dfl", desc = "Add 'display: flex;'" }, {
    t("display: flex;"),
    i(0),
  }),
-  s({ trig = "flr", dscr = "Add 'flex-direction: row;'" }, {
+  s({ trig = "flr", desc = "Add 'flex-direction: row;'" }, {
    t("flex-direction: row;"),
    i(0),
  }),
-  s({ trig = "flc", dscr = "Add 'flex-direction: column;'" }, {
+  s({ trig = "flc", desc = "Add 'flex-direction: column;'" }, {
    t("flex-direction: column;"),
    i(0),
  }),
-  s({ trig = "flw", dscr = "Add 'flex-wrap: wrap;'" }, {
+  s({ trig = "flw", desc = "Add 'flex-wrap: wrap;'" }, {
    t("flex-wrap: wrap;"),
    i(0),
  }),
-  s({ trig = "dfc", dscr = "Add 'flex-direction: column;'" }, {
+  s({ trig = "dfc", desc = "Add 'flex-direction: column;'" }, {
    t("display: flex;"),
    t("flex-direction: column;"),
    i(0),
  }),
  -- Grid
-  s({ trig = "dg", dscr = "Add 'display: grid;'" }, {
+  s({ trig = "dg", desc = "Add 'display: grid;'" }, {
    t("display: grid;"),
    i(0),
  }),
  -- Block
-  s({ trig = "db", dscr = "Add 'display: block;'" }, {
+  s({ trig = "db", desc = "Add 'display: block;'" }, {
    t("display: block;"),
    i(0),
  }),
  -- None
-  s({ trig = "dn", dscr = "Add 'display: none;'" }, {
+  s({ trig = "dn", desc = "Add 'display: none;'" }, {
    t("display: none;"),
    i(0),
  }),
  -- CSS Variables
-  s({ trig = "v", dscr = "Add CSS variable" }, {
+  s({ trig = "v", desc = "Add CSS variable" }, {
    t("var(--"),
    i(1),
    t(")"),
    i(0),
  }),
  -- Margin
-  s({ trig = "m", dscr = "Add 'margin: ;'" }, {
+  s({ trig = "m", desc = "Add 'margin: ;'" }, {
    t("margin: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "mt", dscr = "Add 'margin-top: ;'" }, {
+  s({ trig = "mt", desc = "Add 'margin-top: ;'" }, {
    t("margin-top: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "mr", dscr = "Add 'margin-right: ;'" }, {
+  s({ trig = "mr", desc = "Add 'margin-right: ;'" }, {
    t("margin-right: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "mb", dscr = "Add 'margin-bottom: ;'" }, {
+  s({ trig = "mb", desc = "Add 'margin-bottom: ;'" }, {
    t("margin-bottom: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "ml", dscr = "Add 'margin-left: ;'" }, {
+  s({ trig = "ml", desc = "Add 'margin-left: ;'" }, {
    t("margin-left: "),
    i(1),
    t(";"),
    i(0),
  }),
  -- Padding
-  s({ trig = "p", dscr = "Add 'padding: ;'" }, {
+  s({ trig = "p", desc = "Add 'padding: ;'" }, {
    t("padding: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "pt", dscr = "Add 'padding-top: ;'" }, {
+  s({ trig = "pt", desc = "Add 'padding-top: ;'" }, {
    t("padding-top: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "pr", dscr = "Add 'padding-right: ;'" }, {
+  s({ trig = "pr", desc = "Add 'padding-right: ;'" }, {
    t("padding-right: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "pb", dscr = "Add 'padding-bottom: ;'" }, {
+  s({ trig = "pb", desc = "Add 'padding-bottom: ;'" }, {
    t("padding-bottom: "),
    i(1),
    t(";"),
    i(0),
  }),
-  s({ trig = "pl", dscr = "Add 'padding-left: ;'" }, {
+  s({ trig = "pl", desc = "Add 'padding-left: ;'" }, {
    t("padding-left: "),
    i(1),
    t(";"),
--- a/dots/.config/nvim/snips/javascript.lua
+++ b/dots/.config/nvim/snips/javascript.lua
@@ -4,19 +4,19 @@ local t = ls.text_node
 local i = ls.insert_node
 return {
-  s({ trig = "clg", dscr = "console.log" }, {
+  s({ trig = "clg", desc = "console.log" }, {
    t("console.log("),
    i(1),
    t(")"),
    i(0),
  }),
-  s({ trig = "Js", dscr = "JSON.stringify" }, {
+  s({ trig = "Js", desc = "JSON.stringify" }, {
    t("JSON.stringify("),
    i(1),
    t(")"),
    i(0),
  }),
-  s({ trig = "Jsf", dscr = "JSON.stringify (formatted)" }, {
+  s({ trig = "Jsf", desc = "JSON.stringify (formatted)" }, {
    t("JSON.stringify("),
    i(1),
    t(", 0, 2)"),
--- a/dots/.config/nvim/snips/pandoc.lua
+++ b/dots/.config/nvim/snips/pandoc.lua
@@ -915,21 +915,21 @@ end
 return {
  s(
-    { trig = "^h", regTrig = true, dscr = "Markdown header" },
+    { trig = "^h", regTrig = true, desc = "Markdown header" },
    fmta("# <><>", {
      d(1, get_visual),
      i(0),
    })
  ),
  s(
-    { trig = "^sec", regTrig = true, dscr = "Markdown header" },
+    { trig = "^sec", regTrig = true, desc = "Markdown header" },
    fmta("## <><>", {
      d(1, get_visual),
      i(0),
    })
  ),
  s(
-    { trig = "^ssec", regTrig = true, dscr = "Markdown header" },
+    { trig = "^ssec", regTrig = true, desc = "Markdown header" },
    fmta("### <><>", {
      d(1, get_visual),
      i(0),
--- a/dots/.config/nvim/vscode.lua
+++ b/dots/.config/nvim/vscode.lua
@@ -1,11 +1,5 @@
 local cmd = vim.cmd
 local map = vim.keymap.set
 cmd([[
 source ~/.vim/init/base.vim
 source ~/.vim/init/mappings.vim
 ]])
 require("keymaps")
 map({ "n", "v" }, "<leader>p", '<cmd>call VSCodeNotify("workbench.action.quickOpen")<cr>')
--- a/dots/.config/tmux/hooks/tmux.ssh.conf
+++ b/dots/.config/tmux/hooks/tmux.ssh.conf
@@ -1 +0,0 @@
 set -g status-style bg=colour12,fg=colour0
--- a/dots/.config/tmux/tmux.conf
+++ b/dots/.config/tmux/tmux.conf
@@ -70,8 +70,6 @@ set -g status-right '#(uptime | cut -f 4-5 -d " " | cut -f 1 -d ",") %a %l:%M:%S
 set -g default-terminal "tmux-256color"
 set-hook -g after-new-session 'if -F "#{==:#{session_name},ssh}" "source ${XDG_CONFIG_HOME}/tmux/hooks/tmux.ssh.conf" "source ${XDG_CONFIG_HOME}/tmux/hooks/tmux.regular.conf"'
 # Vi copypaste mode
 if-shell "test '\( #{$TMUX_VERSION_MAJOR} -eq 2 -a #{$TMUX_VERSION_MINOR} -ge 4 \)'" 'bind-key -Tcopy-mode-vi v send -X begin-selection; bind-key -Tcopy-mode-vi y send -X copy-selection-and-cancel'
 if-shell '\( #{$TMUX_VERSION_MAJOR} -eq 2 -a #{$TMUX_VERSION_MINOR} -lt 4\) -o #{$TMUX_VERSION_MAJOR} -le 1' 'bind-key -t vi-copy v begin-selection; bind-key -t vi-copy y copy-selection'
--- a/dots/.local/share/task/hooks/on-add.limit.py
+++ b/dots/.local/share/task/hooks/on-add.limit.py
@@ -1,29 +0,0 @@
 #!/usr/bin/env python3
 import sys
 import json
 SLOTS_FILE = "/home/h/.local/share/task/add_slots"
 def get_slots():
    try:
        with open(SLOTS_FILE, "r") as f:
            return int(f.read().strip())
    except:
        return 0
 slots = get_slots()
 if slots <= 0:
    print(f"Cannot add task: No slots available (0/{slots}).")
    print("Delete or complete a task first to earn an add slot.")
    sys.exit(1)
 with open(SLOTS_FILE, "w") as f:
    f.write(str(slots - 1))
 print(f"Task added. Slots remaining: {slots - 1}")
 for line in sys.stdin:
    task = json.loads(line)
    print(json.dumps(task))
    sys.exit(0)
--- a/dots/.local/share/task/hooks/on-modify.limit.py
+++ b/dots/.local/share/task/hooks/on-modify.limit.py
@@ -1,34 +0,0 @@
 #!/usr/bin/env python3
 import sys
 import json
 SLOTS_FILE = "/home/h/.local/share/task/add_slots"
 def get_slots():
    try:
        with open(SLOTS_FILE, "r") as f:
            return int(f.read().strip())
    except:
        return 0
 data = sys.stdin.read().strip().split("\n")
 if len(data) < 2:
    for line in data:
        if line:
            print(line)
    sys.exit(0)
 old_task = json.loads(data[0])
 new_task = json.loads(data[1])
 was_pending = old_task.get("status") == "pending"
 is_not_pending = new_task.get("status") in ("completed", "deleted")
 if was_pending and is_not_pending:
    slots = get_slots() + 1
    with open(SLOTS_FILE, "w") as f:
        f.write(str(slots))
    print(f"Slot earned! Total slots: {slots}")
 print(json.dumps(new_task))
 sys.exit(0)
--- a/flake.lock
+++ b/flake.lock
@@ -38,11 +38,11 @@
    "base16-helix": {
      "flake": false,
      "locked": {
-        "lastModified": 1760703920,
+        "lastModified": 1776754714,
-        "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=",
+        "narHash": "sha256-E3OAK27smtATTmX45uoTSRsVD+Y+ZiVVfgM/tjpbtYg=",
        "owner": "tinted-theming",
        "repo": "base16-helix",
-        "rev": "d646af9b7d14bff08824538164af99d0c521b185",
+        "rev": "4d508123037e7851ad36ebf7d9c48b0e9e1eb581",
        "type": "github"
      },
      "original": {
@@ -121,11 +121,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1773115390,
+        "lastModified": 1778040175,
-        "narHash": "sha256-nl1kcyM1locj//JnzC43hZIjY4z5opcTPqv1RnMZqPU=",
+        "narHash": "sha256-SSXJp3BMjO2LrW/VLjNdGGcjd3RFEyV4FemYA6OGrYw=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "aecb1fc3e18c3cdcbdd96485b392ffa4584467e8",
+        "rev": "3bd76b0f41e65661866bddcac57ebe83aeadb581",
        "type": "gitlab"
      },
      "original": {
@@ -138,11 +138,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1764873433,
+        "lastModified": 1776136500,
-        "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
+        "narHash": "sha256-r0gN2brVWA351zwMV0Flmlcd6SGMvYqFbvC3DfKFM8Y=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
+        "rev": "0f8ba203d475587f477e7ae12661bd8459e225b7",
        "type": "github"
      },
      "original": {
@@ -213,11 +213,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767609335,
+        "lastModified": 1775087534,
-        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
+        "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
+        "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
        "type": "github"
      },
      "original": {
@@ -284,11 +284,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772893680,
+        "lastModified": 1776796298,
-        "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
+        "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
+        "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad",
        "type": "github"
      },
      "original": {
@@ -321,20 +321,18 @@
    "gnome-shell": {
      "flake": false,
      "locked": {
        "host": "gitlab.gnome.org",
        "lastModified": 1767737596,
        "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
        "owner": "GNOME",
        "repo": "gnome-shell",
        "rev": "ef02db02bf0ff342734d525b5767814770d85b49",
-        "type": "gitlab"
+        "type": "github"
      },
      "original": {
        "host": "gitlab.gnome.org",
        "owner": "GNOME",
        "ref": "gnome-49",
        "repo": "gnome-shell",
-        "type": "gitlab"
+        "rev": "ef02db02bf0ff342734d525b5767814770d85b49",
        "type": "github"
      }
    },
    "home-manager": {
@@ -344,11 +342,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773093840,
+        "lastModified": 1778009629,
-        "narHash": "sha256-u/96NoAyN8BSRuM3ZimGf7vyYgXa3pLx4MYWjokuoH4=",
+        "narHash": "sha256-nUoQtf4Zq7DRYJrfv904hjrxjAlWVP6a1pNNFKx3FCg=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "bb014746edb2a98d975abde4dd40fa240de4cf86",
+        "rev": "00ed86e58bb6979a7921859fd1615d19382eac5c",
        "type": "github"
      },
      "original": {
@@ -400,10 +398,10 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1770135527,
+        "lastModified": 1776723456,
-        "narHash": "sha256-Fup9LiyL6bDID3x+rAB2nP99Xv2o9Is5NkTDbmIy6o0=",
+        "narHash": "sha256-GBbbm05oXYqSZ2EgxQPsNpTKl16wNhvrlUxdmv0FbSU=",
        "ref": "main",
-        "rev": "521d144f8a8ff9fca8ccf492d7fbdd05d9a5fe37",
+        "rev": "135b681d24af6ee4508bbf7c657982d7be8743d4",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/hektor/nix-secrets"
@@ -417,11 +415,11 @@
    },
    "nixCats": {
      "locked": {
-        "lastModified": 1770584904,
+        "lastModified": 1777273601,
-        "narHash": "sha256-9Zaz8lbKF2W9pwXZEnbiGsicHdBoU+dHt3Wv3mCJoZ8=",
+        "narHash": "sha256-xBUa8Tl9V7IXI+VmLEuDc81La/EhoSn1C3EVSnJ3cfU=",
        "owner": "BirdeeHub",
        "repo": "nixCats-nvim",
-        "rev": "538fdde784d2909700d97a8ef307783b33a86fb1",
+        "rev": "f69ea013e328841a7def7037ed59788a76be8816",
        "type": "github"
      },
      "original": {
@@ -453,11 +451,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1772972630,
+        "lastModified": 1777917524,
-        "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
+        "narHash": "sha256-k+LVe9YaO2BEPB9AaCtTtOMCeGi4dxDo6gt4Un3qoPY=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
+        "rev": "df7783100babf59001340a7a874ba3824e441ecb",
        "type": "github"
      },
      "original": {
@@ -469,11 +467,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1772963539,
+        "lastModified": 1777954456,
-        "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
+        "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
+        "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
        "type": "github"
      },
      "original": {
@@ -511,11 +509,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767810917,
+        "lastModified": 1777598946,
-        "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=",
+        "narHash": "sha256-X239dAGaU1+gfDj8jKH8GzlqKMcxaVfXOio+uzBOkeE=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4",
+        "rev": "5d55af01c0f86be583931fe99207fc56c14134b3",
        "type": "github"
      },
      "original": {
@@ -567,11 +565,11 @@
    "plugins-helm-ls-nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1768584652,
+        "lastModified": 1773934114,
-        "narHash": "sha256-jnMc87OjURNcqsva0npYgVyUrWc5C6L7yHpNvt9eSmg=",
+        "narHash": "sha256-8trqFsA7nTKSdtkiAL0Sa9bXjh5ONtAqN7XNE/B8ukM=",
        "owner": "qvalentin",
        "repo": "helm-ls.nvim",
-        "rev": "f0b9a1723890971a6d84890b50dbf5f40974ea1b",
+        "rev": "20df43509b02a3ce3c6b3eee254d6e2bffa9a370",
        "type": "github"
      },
      "original": {
@@ -667,11 +665,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1773096132,
+        "lastModified": 1777944972,
-        "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
+        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
+        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
        "type": "github"
      },
      "original": {
@@ -710,18 +708,17 @@
        ],
        "nur": "nur",
        "systems": "systems_2",
        "tinted-foot": "tinted-foot",
        "tinted-kitty": "tinted-kitty",
        "tinted-schemes": "tinted-schemes",
        "tinted-tmux": "tinted-tmux",
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1772296853,
+        "lastModified": 1777835090,
-        "narHash": "sha256-pAtzPsgHRKw/2Kv8HgAjSJg450FDldHPWsP3AKG/Xj0=",
+        "narHash": "sha256-VLH8zPweblCOvpnQXp4fVs7f6Q79YhXF5XFKlOrvIFk=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "c4b8e80a1020e09a1f081ad0f98ce804a6e85acf",
+        "rev": "7989a1054b01153212dede6005abfd1576b8328c",
        "type": "github"
      },
      "original": {
@@ -760,23 +757,6 @@
        "type": "github"
      }
    },
    "tinted-foot": {
      "flake": false,
      "locked": {
        "lastModified": 1726913040,
        "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
        "owner": "tinted-theming",
        "repo": "tinted-foot",
        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
        "type": "github"
      },
      "original": {
        "owner": "tinted-theming",
        "repo": "tinted-foot",
        "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
        "type": "github"
      }
    },
    "tinted-kitty": {
      "flake": false,
      "locked": {
@@ -796,11 +776,11 @@
    "tinted-schemes": {
      "flake": false,
      "locked": {
-        "lastModified": 1767710407,
+        "lastModified": 1777041405,
-        "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=",
+        "narHash": "sha256-BAGZ7ObFV/9Z61OJZun7ifPyhkuHqNuW1QIhQ8LuzCo=",
        "owner": "tinted-theming",
        "repo": "schemes",
-        "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2",
+        "rev": "5f868b3a338b6904c47f3833b9c411be641983a8",
        "type": "github"
      },
      "original": {
@@ -812,11 +792,11 @@
    "tinted-tmux": {
      "flake": false,
      "locked": {
-        "lastModified": 1767489635,
+        "lastModified": 1777169200,
-        "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
+        "narHash": "sha256-h7dDbIzP5hDr9v97w9PL6jdAgXawmj6krcH+959rqpU=",
        "owner": "tinted-theming",
        "repo": "tinted-tmux",
-        "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
+        "rev": "f798c2dce44ef815bb6b8f05a82135c7942d35ac",
        "type": "github"
      },
      "original": {
@@ -828,11 +808,11 @@
    "tinted-zed": {
      "flake": false,
      "locked": {
-        "lastModified": 1767488740,
+        "lastModified": 1777463218,
-        "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
+        "narHash": "sha256-Bhkozqtq3BKLqWTlmKm8uAptfX4aRGI8QX3eEL54Vpc=",
        "owner": "tinted-theming",
        "repo": "base16-zed",
-        "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
+        "rev": "5768d08ed2e7944a26a958868cdb073cb8856dae",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -60,8 +60,8 @@
    let
      inherit (self) outputs;
      inherit (inputs.nixpkgs) lib;
-      utils = import ./utils { inherit lib; };
+      myUtils = import ./utils { inherit lib; };
-      hostDirNames = utils.dirNames ./hosts;
+      hostDirNames = myUtils.dirNames ./hosts;
      system = "x86_64-linux";
      dotsPath = ./dots;
      gitHooks = import ./git-hooks.nix {
@@ -70,19 +70,24 @@
      };
    in
    {
      nix.nixPath = [
        "nixpkgs=${inputs.nixpkgs}"
      ]; # <https://github.com/nix-community/nixd/blob/main/nixd/docs/configuration.md>
      nixosConfigurations =
        (lib.genAttrs hostDirNames (
          host:
          nixpkgs.lib.nixosSystem {
            modules = [
              ./hosts/${host}
-              { nixpkgs.hostPlatform = import ./hosts/${host}/system.nix; }
+              {
                nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system;
                host.name = host;
              }
            ];
            specialArgs = {
-              inherit inputs outputs dotsPath;
+              inherit
                inputs
                outputs
                dotsPath
                myUtils
                ;
            };
          }
        ))
@@ -97,7 +102,12 @@
              }
            ];
            specialArgs = {
-              inherit inputs outputs dotsPath;
+              inherit
                inputs
                outputs
                dotsPath
                myUtils
                ;
            };
          };
          sd-image-raspberry-pi-aarch64 = nixpkgs.lib.nixosSystem {
@@ -110,7 +120,12 @@
              }
            ];
            specialArgs = {
-              inherit inputs outputs dotsPath;
+              inherit
                inputs
                outputs
                dotsPath
                myUtils
                ;
            };
          };
        };
@@ -123,7 +138,12 @@
          };
          modules = [ ./home/hosts/work ];
          extraSpecialArgs = {
-            inherit inputs outputs dotsPath;
+            inherit
              inputs
              outputs
              dotsPath
              myUtils
              ;
          };
        };
      };
--- a/home/hosts/andromache/default.nix
+++ b/home/hosts/andromache/default.nix
@@ -5,9 +5,6 @@
  ...
 }:
 let
  username = "h";
 in
 {
  imports = [
    ../../modules
@@ -19,6 +16,7 @@ in
    ../../modules/cloud
    ../../modules/comms
    ../../modules/desktop/niri
    ../../modules/devenv
    ../../modules/direnv
    ../../modules/git
    ../../modules/k8s/k9s.nix
@@ -27,28 +25,40 @@ in
    ../../modules/nvim
    ../../modules/pandoc
    ../../modules/photography
    ../../modules/secrets
    ../../modules/shell
    ../../modules/ssh
    ../../modules/taskwarrior
    ../../modules/terminal
    ../../modules/zk
    ../../modules/torrenting
  ];
  home = {
    stateVersion = "25.05";
-    inherit username;
+    inherit (config.host) username;
-    homeDirectory = "/home/${username}";
+    homeDirectory = "/home/${config.host.username}";
  };
  xdg.userDirs.createDirectories = false;
  xdg.userDirs.download = "${config.home.homeDirectory}/dl";
-  ai-tools.opencode.enable = true;
+  modules."3d" = {
    printing.enable = true;
    modeling.enable = true;
  };
  ai-tools = {
    claude-code.enable = true;
    opencode.enable = true;
  };
  browser.primary = "librewolf";
  cloud.hetzner.enable = true;
  comms.signal.enable = true;
-  github.enable = true;
+  git.github.enable = true;
  shell.bash.aliases.lang-js = true;
  shell.bash.addBinToPath = true;
  torrenting.enable = true;
  zk.enable = true;
  programs = {
    home-manager.enable = true;
--- a/home/hosts/astyanax/default.nix
+++ b/home/hosts/astyanax/default.nix
@@ -4,12 +4,10 @@
  ...
 }:
 let
  username = "h";
 in
 {
  imports = [
    ../../modules
    ../../modules/3d
    ../../modules/ai-tools
    ../../modules/anki
    ../../modules/audio
@@ -17,6 +15,7 @@ in
    ../../modules/cloud
    ../../modules/comms
    ../../modules/desktop/niri
    ../../modules/devenv
    ../../modules/direnv
    ../../modules/git
    ../../modules/k8s/k9s.nix
@@ -25,6 +24,7 @@ in
    ../../modules/nfc
    ../../modules/nvim
    ../../modules/pandoc
    ../../modules/secrets
    ../../modules/shell
    ../../modules/ssh
    ../../modules/taskwarrior
@@ -33,18 +33,24 @@ in
  home = {
    stateVersion = "25.05";
-    inherit username;
+    inherit (config.host) username;
-    homeDirectory = "/home/${username}";
+    homeDirectory = "/home/${config.host.username}";
  };
-  xdg.userDirs.createDirectories = false;
+  xdg.userDirs = {
-  xdg.userDirs.download = "${config.home.homeDirectory}/dl";
+    enable = false;
    createDirectories = false;
  };
-  ai-tools.opencode.enable = true;
+  modules."3d".printing.enable = true;
  ai-tools = {
    claude-code.enable = true;
    opencode.enable = true;
  };
  browser.primary = "librewolf";
  cloud.hetzner.enable = true;
  comms.signal.enable = true;
-  github.enable = true;
+  git.github.enable = true;
  shell.bash.aliases.lang-js = true;
  shell.bash.addBinToPath = true;
--- a/home/hosts/work/default.nix
+++ b/home/hosts/work/default.nix
@@ -5,15 +5,12 @@
  ...
 }:
 let
  username = "hektor";
 in
 {
  imports = [
    inputs.sops-nix.homeManagerModules.sops
    ../../modules
    ../../modules/ai-tools
-    ../../modules/anki.nix
+    ../../modules/anki
    ../../modules/browser
    ../../modules/bruno
    ../../modules/cloud
@@ -21,6 +18,7 @@ in
    ../../modules/database
    ../../modules/dconf
    ../../modules/desktop/niri
    ../../modules/devenv
    ../../modules/direnv
    ../../modules/docker
    ../../modules/git
@@ -29,63 +27,35 @@ in
    ../../modules/k8s
    ../../modules/k8s/k9s.nix
    ../../modules/keepassxc
    ../../modules/kitty.nix
    ../../modules/music
-    ../../modules/nodejs.nix
+    ../../modules/nodejs
    ../../modules/nvim
    ../../modules/pandoc
    ../../modules/secrets
    ../../modules/shell
    ../../modules/stylix
    ../../modules/taskwarrior
    ../../modules/ticketing
    ../../modules/terminal
-    ../../modules/vscode.nix
+    ../../modules/vscode
  ];
-  sops = {
+  sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
    age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
    defaultSopsFile = "${inputs.nix-secrets}/secrets.yaml";
    secrets = {
      taskwarrior_sync_server_url = { };
      taskwarrior_sync_server_client_id = { };
      taskwarrior_sync_encryption_secret = { };
      anki_sync_user = { };
      anki_sync_key = { };
      opencode_api_key = { };
    };
    templates = {
      "taskrc.d/sync" = {
        content = ''
          sync.server.url=${config.sops.placeholder.taskwarrior_sync_server_url}
          sync.server.client_id=${config.sops.placeholder.taskwarrior_sync_server_client_id}
          sync.encryption_secret=${config.sops.placeholder.taskwarrior_sync_encryption_secret}
        '';
      };
      "opencode/auth.json" = {
        path = "${config.home.homeDirectory}/.local/share/opencode/auth.json";
        content = ''
          {
            "zai-coding-plan": {
              "type": "api",
              "key": "${config.sops.placeholder.opencode_api_key}"
            }
          }
        '';
      };
    };
  };
  nixpkgs.config.allowUnfree = true;
-  xdg.systemDirs.config = [ "/etc/xdg" ];
+  xdg = {
    systemDirs.config = [ "/etc/xdg" ];
    userDirs = {
      createDirectories = false;
      download = "${config.home.homeDirectory}/dl";
    };
  };
  home = {
    stateVersion = "25.05";
-    inherit username;
+    username = "hektor";
-    homeDirectory = "/home/${username}";
+    homeDirectory = "/home/${config.home.username}";
  };
  targets.genericLinux.nixGL = {
@@ -100,12 +70,16 @@ in
  comms.teams.enable = true;
  ai-tools = {
    claude-code.enable = true;
    tirith.enable = true;
    opencode.enable = true;
  };
-  database.mssql.enable = true;
+  database = {
-  database.postgresql.enable = true;
+    mssql.enable = true;
-  github.enable = true;
+    postgresql.enable = true;
-  gitlab.enable = true;
+    redis.enable = true;
  };
  git.github.enable = true;
  git.gitlab.enable = true;
  secrets.vault.enable = true;
  programs = {
--- a/home/modules/3d/default.nix
+++ b/home/modules/3d/default.nix
@@ -1,11 +1,32 @@
 { pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.modules."3d";
 in
 {
  options.modules."3d" = {
    printing.enable = lib.mkEnableOption "3D printing tools";
    modeling.enable = lib.mkEnableOption "3D modeling tools";
  };
  config = lib.mkMerge [
    (lib.mkIf cfg.printing.enable {
      home.packages = with pkgs; [
        bambu-studio
        orca-slicer
      ];
    })
    (lib.mkIf cfg.modeling.enable {
      home.packages = with pkgs; [
        blender
        openscad-lsp
        openscad-unstable
-    orca-slicer
+      ];
    })
  ];
 }
--- a/home/modules/ai-tools/claude-code.nix
+++ b/home/modules/ai-tools/claude-code.nix
@@ -0,0 +1,60 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.ai-tools.claude-code;
  rtk-version = "0.18.1";
 in
 {
  options.ai-tools.claude-code.enable = lib.mkEnableOption "claude code with rtk and ccline";
  config = lib.mkIf cfg.enable {
    programs.claude-code.enable = true;
    home.packages = with pkgs; [
      (stdenv.mkDerivation {
        name = "ccline";
        src = fetchurl {
          url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
          hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
        };
        unpackPhase = "tar xzf $src";
        installPhase = ''
          mkdir -p $out/bin
          cp ccline $out/bin/
          chmod +x $out/bin/ccline
        '';
        meta = {
          description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
          homepage = "https://github.com/Haleclipse/CCometixLine";
          license = lib.licenses.mit;
          platforms = [ "x86_64-linux" ];
        };
      })
      (stdenv.mkDerivation {
        name = "rtk-${rtk-version}";
        version = rtk-version;
        src = fetchurl {
          url = "https://github.com/rtk-ai/rtk/releases/download/v${rtk-version}/rtk-x86_64-unknown-linux-gnu.tar.gz";
          hash = "sha256-XoTia5K8b00OzcKYCufwx8ApkAS31DxUCpGSU0jFs2Q=";
        };
        unpackPhase = "tar xzf $src";
        installPhase = ''
          mkdir -p $out/bin
          cp rtk $out/bin/
          chmod +x $out/bin/rtk
        '';
        meta = {
          description = "RTK - AI coding tool enhancer";
          homepage = "https://www.rtk-ai.app";
          license = lib.licenses.mit;
          platforms = [ "x86_64-linux" ];
        };
      })
      mcp-nixos
    ];
  };
 }
--- a/home/modules/ai-tools/default.nix
+++ b/home/modules/ai-tools/default.nix
@@ -1,89 +1,8 @@
 {
-  lib,
+  imports = [
-  config,
+    ./claude-code.nix
-  pkgs,
+    ./opencode.nix
-  ...
+    ./skills.nix
-}:
+    ./tirith.nix
 let
  cfg = config.ai-tools;
  rtk-version = "0.18.1";
 in
 {
  options.ai-tools = {
    claude-code.enable = lib.mkEnableOption "claude code with rtk and ccline";
    opencode.enable = lib.mkEnableOption "opencode";
  };
  config = lib.mkMerge [
    (lib.mkIf cfg.claude-code.enable {
      home.packages = with pkgs; [
        claude-code
        (pkgs.stdenv.mkDerivation {
          name = "ccline";
          src = pkgs.fetchurl {
            url = "https://github.com/Haleclipse/CCometixLine/releases/download/v1.0.8/ccline-linux-x64.tar.gz";
            hash = "sha256-Joe3Dd6uSMGi66QT6xr2oY/Tz8rA5RuKa6ckBVJIzI0=";
          };
          unpackPhase = ''
            tar xzf $src
          '';
          installPhase = ''
            mkdir -p $out/bin
            cp ccline $out/bin/
            chmod +x $out/bin/ccline
          '';
          meta = with pkgs.lib; {
            description = "CCometixLine Linux x64 CLI (Claude Code statusline)";
            homepage = "https://github.com/Haleclipse/CCometixLine";
            license = licenses.mit;
            platforms = [ "x86_64-linux" ];
          };
        })
        (pkgs.stdenv.mkDerivation {
          name = "rtk-${rtk-version}";
          version = rtk-version;
          src = pkgs.fetchurl {
            url = "https://github.com/rtk-ai/rtk/releases/download/v${rtk-version}/rtk-x86_64-unknown-linux-gnu.tar.gz";
            hash = "sha256-XoTia5K8b00OzcKYCufwx8ApkAS31DxUCpGSU0jFs2Q=";
          };
          unpackPhase = ''
            tar xzf $src
          '';
          installPhase = ''
            mkdir -p $out/bin
            cp rtk $out/bin/
            chmod +x $out/bin/rtk
          '';
          meta = with pkgs.lib; {
            description = "RTK - AI coding tool enhancer";
            homepage = "https://www.rtk-ai.app";
            license = licenses.mit;
            platforms = [ "x86_64-linux" ];
          };
        })
        mcp-nixos
      ];
    })
    (lib.mkIf cfg.opencode.enable {
      home.packages = with pkgs; [
        opencode
      ];
      home.file.".config/opencode/opencode.json".text = builtins.toJSON {
        "$schema" = "https://opencode.ai/config.json";
        permission = {
          external_directory = {
            "/run/secrets/" = "deny";
            "~/.config/sops/age/keys.txt" = "deny";
          };
        };
        plugin = [ "@mohak34/opencode-notifier@latest" ];
      };
    })
  ];
 }
--- a/home/modules/ai-tools/opencode.nix
+++ b/home/modules/ai-tools/opencode.nix
@@ -0,0 +1,40 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.ai-tools.opencode;
 in
 {
  options.ai-tools.opencode = {
    enable = lib.mkEnableOption "opencode";
  };
  config = lib.mkIf cfg.enable {
    home.packages = [ pkgs.opencode ];
    home.file.".config/opencode/opencode.json".text = builtins.toJSON {
      "$schema" = "https://opencode.ai/config.json";
      permission = {
        external_directory = {
          "/run/secrets/" = "deny";
          "~/.config/sops/age/keys.txt" = "deny";
          "~/.ssh/id_rsa" = "deny";
          "~/.ssh/id_ed25519" = "deny";
          "~/.ssh/id_ecdsa" = "deny";
          "~/.ssh/id_dsa" = "deny";
          "/etc/ssh/ssh_host_rsa_key" = "deny";
          "/etc/ssh/ssh_host_ed25519_key" = "deny";
          "/etc/ssh/ssh_host_ecdsa_key" = "deny";
          "/etc/ssh/ssh_host_dsa_key" = "deny";
        };
        command = {
          sops = "deny";
        };
      };
      plugin = [ "@mohak34/opencode-notifier@latest" ];
    };
  };
 }
--- a/home/modules/ai-tools/skills.nix
+++ b/home/modules/ai-tools/skills.nix
@@ -0,0 +1,49 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.ai-tools.claude-code;
  skillType = lib.types.submodule {
    options = {
      owner = lib.mkOption { type = lib.types.str; };
      repo = lib.mkOption { type = lib.types.str; };
      rev = lib.mkOption { type = lib.types.str; };
      hash = lib.mkOption { type = lib.types.str; };
      skill = lib.mkOption { type = lib.types.str; };
    };
  };
  fetchSkill =
    skill:
    let
      src = pkgs.fetchFromGitHub {
        inherit (skill)
          owner
          repo
          rev
          hash
          ;
      };
    in
    {
      name = ".claude/skills/${skill.skill}";
      value = {
        source = "${src}/${skill.skill}";
        recursive = true;
      };
    };
 in
 {
  options.ai-tools.claude-code.skills = lib.mkOption {
    type = lib.types.listOf skillType;
    default = [ ];
  };
  config = lib.mkIf cfg.enable {
    home.file = builtins.listToAttrs (map fetchSkill cfg.skills);
  };
 }
--- a/home/modules/ai-tools/tirith-check.py
+++ b/home/modules/ai-tools/tirith-check.py
@@ -0,0 +1,190 @@
 #!/usr/bin/env python3
 """Claude Code PreToolUse hook — runs tirith check on Bash tool calls.
 Reads JSON from stdin (Claude Code hook protocol), extracts the command,
 and delegates to `tirith check --json` for security analysis.
 Exit codes:
  0 — hook completed successfully (decision in stdout JSON)
  Non-zero — hook error (fail-closed by default; set TIRITH_FAIL_OPEN=1 for fail-open)
 Output (stdout, only for deny):
  {
    "hookSpecificOutput": {
      "hookEventName": "PreToolUse",
      "permissionDecision": "deny",
      "permissionDecisionReason": "..."
    }
  }
 Environment:
  TIRITH_BIN              — path to tirith binary (default: "tirith")
  TIRITH_HOOK_WARN_ACTION — "deny" (default) or "allow"
 """
 import json
 import os
 import shutil
 import subprocess
 import sys
 def get(data, *keys):
    """Return the first matching key from data (supports dual-case fields)."""
    for k in keys:
        if k in data:
            return data[k]
    return None
 def deny(reason):
    """Print a deny decision using hookSpecificOutput and exit 0."""
    print(
        json.dumps(
            {
                "hookSpecificOutput": {
                    "hookEventName": "PreToolUse",
                    "permissionDecision": "deny",
                    "permissionDecisionReason": reason,
                }
            }
        )
    )
    sys.exit(0)
 def fail_action():
    """Return the fail action: deny (default, fail-closed) or allow (fail-open via env)."""
    return "allow" if os.environ.get("TIRITH_FAIL_OPEN") == "1" else "deny"
 def fail_closed(reason):
    """Deny or allow based on TIRITH_FAIL_OPEN, for error/missing-binary paths."""
    action = fail_action()
    if action == "deny":
        deny(reason)
    else:
        sys.exit(0)
 def main():
    try:
        raw = sys.stdin.read()
        if not raw.strip():
            # Empty input — cannot determine command, fail-closed
            fail_closed("tirith: empty hook input — blocked for safety")
            return
        data = json.loads(raw)
    except (json.JSONDecodeError, OSError):
        fail_closed("tirith: failed to parse hook input — blocked for safety")
        return
    if not isinstance(data, dict):
        fail_closed("tirith: invalid hook input format — blocked for safety")
        return
    # Dual-case field extraction (camelCase and snake_case)
    event = get(data, "hook_event_name", "hookEventName")
    tool = get(data, "tool_name", "toolName")
    tool_input = get(data, "tool_input", "toolInput") or {}
    # Only intercept PreToolUse + Bash
    if event != "PreToolUse" or tool != "Bash":
        sys.exit(0)
    if not isinstance(tool_input, dict):
        fail_closed("tirith: invalid tool_input format — blocked for safety")
        return
    command = tool_input.get("command")
    if not isinstance(command, str) or not command.strip():
        fail_closed("tirith: no command found in hook input — blocked for safety")
        return
    # Locate tirith binary
    tirith_bin = os.environ.get("TIRITH_BIN") or shutil.which("tirith") or "tirith"
    try:
        result = subprocess.run(
            [
                tirith_bin,
                "check",
                "--json",
                "--non-interactive",
                "--shell",
                "posix",
                "--",
                command,
            ],
            capture_output=True,
            text=True,
            timeout=10,
        )
    except FileNotFoundError:
        fail_closed(f"tirith: {tirith_bin} not found — install tirith or set TIRITH_FAIL_OPEN=1")
        return
    except subprocess.TimeoutExpired:
        fail_closed("tirith: check timed out — blocked for safety")
        return
    except OSError as e:
        fail_closed(f"tirith: OS error running check — {e}")
        return
    # Unexpected exit code — fail-closed
    if result.returncode not in (0, 1, 2):
        fail_closed(f"tirith: unexpected exit code {result.returncode} — blocked for safety")
        return
    if result.returncode != 0 and not result.stdout.strip():
        fail_closed("tirith: check returned non-zero with no output — blocked for safety")
        return
    # Exit 0 = clean, allow
    if result.returncode == 0:
        sys.exit(0)
    # Exit 2 = warn — check TIRITH_HOOK_WARN_ACTION
    if result.returncode == 2:
        warn_action = os.environ.get("TIRITH_HOOK_WARN_ACTION", "deny").lower()
        if warn_action == "allow":
            sys.exit(0)
    # Exit 1 = block, Exit 2 + deny = block
    # Build reason from tirith JSON output
    reason = "Tirith security check failed"
    if result.stdout.strip():
        try:
            verdict = json.loads(result.stdout)
            findings = verdict.get("findings", [])
            if findings:
                parts = []
                for f in findings:
                    title = f.get("title", f.get("rule_id", "unknown"))
                    severity = f.get("severity", "")
                    parts.append(f"[{severity}] {title}" if severity else title)
                reason = "Tirith: " + "; ".join(parts)
        except json.JSONDecodeError:
            reason = result.stdout.strip()[:500]
    deny(reason)
 if __name__ == "__main__":
    try:
        main()
    except Exception:
        # Fail-closed on unexpected errors (respects TIRITH_FAIL_OPEN)
        if os.environ.get("TIRITH_FAIL_OPEN") == "1":
            sys.exit(0)
        # Deny — print structured output so Claude Code shows a message
        print(
            json.dumps(
                {
                    "hookSpecificOutput": {
                        "hookEventName": "PreToolUse",
                        "permissionDecision": "deny",
                        "permissionDecisionReason": "tirith: unexpected hook error — blocked for safety",
                    }
                }
            )
        )
        sys.exit(0)
--- a/home/modules/ai-tools/tirith.nix
+++ b/home/modules/ai-tools/tirith.nix
@@ -0,0 +1,30 @@
 {
  lib,
  config,
  pkgs,
  ...
 }:
 let
  cfg = config.ai-tools.tirith;
 in
 {
  options.ai-tools.tirith = {
    enable = lib.mkEnableOption "tirith shell security guard";
  };
  config = lib.mkMerge [
    (lib.mkIf cfg.enable {
      home.packages = [ pkgs.tirith ];
    })
    (lib.mkIf (cfg.enable && config.ai-tools.claude-code.enable) {
      home.file.".claude/hooks/tirith-check.py" = {
        source = ./tirith-check.py;
        executable = true;
      };
      home.activation.tirith-claude-code = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
        ${pkgs.tirith}/bin/tirith setup claude-code --with-mcp --scope user --force 2>/dev/null || true
      '';
    })
  ];
 }
--- a/home/modules/anki/default.nix
+++ b/home/modules/anki/default.nix
@@ -2,20 +2,27 @@
  config,
  lib,
  pkgs,
  myUtils,
  osConfig ? null,
  inputs ? null,
  ...
 }:
 let
-  hmSopsAvailable = config ? sops && config.sops ? secrets;
+  sops = myUtils.sopsAvailability config osConfig;
-  osSopsAvailable = osConfig != null && osConfig ? sops && osConfig.sops ? secrets;
+  standalone = osConfig == null;
  sopsAvailable = hmSopsAvailable || osSopsAvailable;
  sopsSecrets = if hmSopsAvailable then config.sops.secrets else osConfig.sops.secrets;
 in
-{
+lib.optionalAttrs standalone {
  sops.secrets = myUtils.mkSopsSecrets "${toString inputs.nix-secrets}/secrets" null {
    anki = [
      "sync-user"
      "sync-key"
    ];
  };
 }
 // {
  warnings = lib.optional (
-    !sopsAvailable && config.programs.anki.enable
+    !sops.available && config.programs.anki.enable
  ) "anki is enabled but sops secrets are not available. anki sync will not be configured.";
  programs.anki = {
@@ -26,9 +33,9 @@ in
      puppy-reinforcement
      review-heatmap
    ];
-    profiles."User 1".sync = lib.mkIf sopsAvailable {
+    profiles."User 1".sync = lib.mkIf sops.available {
-      usernameFile = "${sopsSecrets."anki_sync_user".path}";
+      usernameFile = "${sops.secrets."anki/sync-user".path}";
-      keyFile = "${sopsSecrets."anki_sync_key".path}";
+      keyFile = "${sops.secrets."anki/sync-key".path}";
    };
  };
 }
--- a/home/modules/audio/default.nix
+++ b/home/modules/audio/default.nix
@@ -1,5 +1,7 @@
-{ pkgs, ... }:
+{ osConfig, pkgs, ... }:
 {
  home.packages = with pkgs; [ pulsemixer ];
  services.mpris-proxy.enable = osConfig.hardware.bluetooth.enable or false;
 }
--- a/home/modules/browser/default.nix
+++ b/home/modules/browser/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ config, lib, ... }:
 {
  options.browser = {
@@ -23,6 +23,8 @@
    };
  };
  config.home.sessionVariables.BROWSER = config.browser.primary;
  imports = [
    ./firefox.nix
    ./librewolf.nix
--- a/home/modules/clipboard/default.nix
+++ b/home/modules/clipboard/default.nix
@@ -0,0 +1,7 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    wl-clipboard
  ];
 }
--- a/home/modules/cloud/hetzner.nix
+++ b/home/modules/cloud/hetzner.nix
@@ -14,8 +14,7 @@ in
    warnings =
      lib.optional (!isNixOS)
        "hcloud module requires NixOS host configuration. This module will not work with standalone home-manager.";
-    home = {
+
-      packages = with pkgs; [ hcloud ];
+    home.packages = with pkgs; [ hcloud ];
    };
  };
 }
--- a/home/modules/database/default.nix
+++ b/home/modules/database/default.nix
@@ -9,14 +9,18 @@
  options.database = {
    mssql.enable = lib.mkEnableOption "MSSQL";
    postgresql.enable = lib.mkEnableOption "PostgreSQL";
    redis.enable = lib.mkEnableOption "Redis";
  };
  config = lib.mkMerge [
    (lib.mkIf config.database.mssql.enable {
-      home.packages = [ (config.nixgl.wrap pkgs.dbeaver-bin) ];
+      home.packages = with pkgs; [ (config.nixgl.wrap dbeaver-bin) ];
    })
    (lib.mkIf config.database.postgresql.enable {
-      home.packages = [ (config.nixgl.wrap pkgs.pgadmin4-desktopmode) ];
+      home.packages = with pkgs; [ (config.nixgl.wrap pgadmin4-desktopmode) ];
    })
    (lib.mkIf config.database.postgresql.enable {
      home.packages = with pkgs; [ redis ];
    })
  ];
 }
--- a/home/modules/dconf/default.nix
+++ b/home/modules/dconf/default.nix
@@ -3,6 +3,7 @@
 let
  terminal = "kitty";
  browser = config.browser.primary;
  font = "${config.stylix.fonts.monospace.name} ${toString config.stylix.fonts.sizes.applications}";
 in
 {
  dconf.settings = {
@@ -40,9 +41,9 @@ in
      clock-show-weekday = true;
      color-scheme = "prefer-dark";
      enable-hot-corners = false;
-      font-name = "Iosevka Term SS08 12";
+      # font-name = font;
      locate-pointer = true;
-      monospace-font-name = "Iosevka Term SS08 12";
+      monospace-font-name = font;
    };
    "org/gnome/desktop/wm/keybindings" = {
--- a/home/modules/default.nix
+++ b/home/modules/default.nix
@@ -1,13 +1,24 @@
-{ config, lib, pkgs, ... }:
+{
  config,
  lib,
  pkgs,
  ...
 }:
 {
-  options.nixgl.wrap = lib.mkOption {
+  options = {
    host.username = lib.mkOption {
      type = lib.types.str;
      default = config.home.username;
    };
    nixgl.wrap = lib.mkOption {
      type = lib.types.functionTo lib.types.package;
      default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
      readOnly = true;
    };
-  options.wrapApp = lib.mkOption {
+    wrapApp = lib.mkOption {
      type = lib.types.raw;
      default =
        pkg: flags:
@@ -22,4 +33,5 @@
          pkg;
      readOnly = true;
    };
  };
 }
--- a/home/modules/desktop/niri/default.nix
+++ b/home/modules/desktop/niri/default.nix
@@ -2,6 +2,7 @@
 {
  imports = [
    ../../clipboard
    ../../fuzzel
    ../../mako
    ../../shikane
@@ -12,7 +13,6 @@
    file.".config/niri/config.kdl".source = ./config.kdl;
    packages = with pkgs; [
      brightnessctl
      wl-clipboard
      wlsunset
    ];
  };
--- a/home/modules/devenv/default.nix
+++ b/home/modules/devenv/default.nix
@@ -0,0 +1,4 @@
 { pkgs, ... }:
 {
  home.packages = [ pkgs.devenv ];
 }
--- a/home/modules/docker/default.nix
+++ b/home/modules/docker/default.nix
@@ -1,9 +1,7 @@
 { pkgs, ... }:
 {
  config = {
  home.packages = with pkgs; [
    dive
  ];
  };
 }
--- a/home/modules/git/default.nix
+++ b/home/modules/git/default.nix
@@ -7,7 +7,7 @@
 }:
 {
-  options = {
+  options.git = {
    github.enable = lib.mkEnableOption "Github CLI";
    gitlab.enable = lib.mkEnableOption "Gitlab CLI";
  };
@@ -20,7 +20,7 @@
      ".gitignore".source = dotsPath + "/.gitignore";
    };
-    programs.gh.enable = config.github.enable;
+    programs.gh.enable = config.git.github.enable;
-    home.packages = lib.optionals config.gitlab.enable [ pkgs.glab ];
+    home.packages = lib.optionals config.git.gitlab.enable [ pkgs.glab ];
  };
 }
--- a/home/modules/k8s/default.nix
+++ b/home/modules/k8s/default.nix
@@ -18,6 +18,10 @@
    enableAlias = true;
  };
  home.shellAliases = {
    k = "kubectl";
  };
  imports = [
    ./helm.nix
    ./k9s.nix
--- a/home/modules/nodejs/default.nix
+++ b/home/modules/nodejs/default.nix
--- a/home/modules/nvim/default.nix
+++ b/home/modules/nvim/default.nix
@@ -1,9 +1,7 @@
 { pkgs, inputs, ... }:
 {
  config = {
  home.packages = [
    inputs.nvim.packages.${pkgs.stdenv.hostPlatform.system}.nvim
  ];
  };
 }
--- a/home/modules/secrets/default.nix
+++ b/home/modules/secrets/default.nix
@@ -1,5 +1,4 @@
 {
  lib,
  pkgs,
  ...
 }:
@@ -7,7 +6,8 @@
  imports = [ ./vault.nix ];
  home.packages = with pkgs; [
    sops
    age
    age-plugin-yubikey # TODO: only needed when using Yubikey
    sops
  ];
 }
--- a/home/modules/ssh/default.nix
+++ b/home/modules/ssh/default.nix
@@ -1,18 +1,15 @@
 {
-  outputs,
+  myUtils,
  lib,
  pkgs,
  ...
 }:
 let
-  nixosConfigs = builtins.attrNames outputs.nixosConfigurations;
+  hostDir = ../../hosts;
-  homeConfigs = map (n: lib.last (lib.splitString "@" n)) (
+  hostNames = myUtils.dirNames hostDir;
    builtins.attrNames outputs.homeConfigurations
  );
  allHosts = lib.unique (homeConfigs ++ nixosConfigs);
  hostsWithKeys = lib.filter (
-    hostname: builtins.pathExists ../../hosts/${hostname}/ssh_host.pub
+    hostname: builtins.pathExists (hostDir + "/${hostname}/ssh_host.pub")
-  ) allHosts;
+  ) hostNames;
 in
 {
  home.packages = with pkgs; [ sshfs ];
@@ -25,15 +22,14 @@ in
      lib.genAttrs hostsWithKeys (
        hostname:
        let
-          hostConfig = outputs.nixosConfigurations.${hostname}.config;
+          meta = myUtils.hostMeta (hostDir + "/${hostname}");
          inherit (hostConfig.ssh) publicHostname username;
        in
        {
          host = hostname;
-          user = username;
+          user = meta.deployment.targetUser;
        }
-        // lib.optionalAttrs (publicHostname != "") {
+        // lib.optionalAttrs (meta.deployment.targetHost != "") {
-          hostname = publicHostname;
+          hostname = meta.deployment.targetHost;
        }
      )
      // {
--- a/home/modules/stylix/default.nix
+++ b/home/modules/stylix/default.nix
@@ -6,7 +6,7 @@
 }:
 let
-  theme = import ../../modules/stylix/theme.nix { inherit pkgs; };
+  theme = import ../../../modules/stylix/theme.nix { inherit pkgs; };
 in
 {
  imports = [ inputs.stylix.homeModules.stylix ];
@@ -25,21 +25,6 @@ in
      sansSerif = config.stylix.fonts.monospace;
      emoji = config.stylix.fonts.monospace;
    };
-    targets = {
+    targets = import ../../../modules/stylix/targets.nix;
      firefox = {
        profileNames = [ "default" ];
        colorTheme.enable = true;
      };
      librewolf = {
        profileNames = [ "default" ];
        colorTheme.enable = true;
      };
      gnome.enable = false;
      gtk.enable = false;
      kitty = {
        variant256Colors = true;
      };
      nixvim.enable = false;
    };
  };
 }
--- a/home/modules/taskwarrior/default.nix
+++ b/home/modules/taskwarrior/default.nix
@@ -3,20 +3,39 @@
  lib,
  pkgs,
  dotsPath,
  myUtils,
  osConfig ? null,
  inputs ? null,
  ...
 }:
 let
-  hmSopsAvailable = config ? sops && config.sops ? templates;
+  sops = myUtils.sopsAvailability config osConfig;
-  osSopsAvailable = osConfig != null && osConfig ? sops && osConfig.sops ? templates;
+  standalone = osConfig == null;
  sopsAvailable = hmSopsAvailable || osSopsAvailable;
  sopsTemplates = if hmSopsAvailable then config.sops.templates else osConfig.sops.templates;
 in
-{
+lib.optionalAttrs standalone {
  sops = {
    secrets = myUtils.mkSopsSecrets "${toString inputs.nix-secrets}/secrets" null {
      taskwarrior = [
        "sync-server-url"
        "sync-server-client-id"
        "sync-encryption-secret"
      ];
    };
    templates."taskrc.d/sync" = {
      content = ''
        sync.server.url=${config.sops.placeholder."taskwarrior/sync-server-url"}
        sync.server.client_id=${config.sops.placeholder."taskwarrior/sync-server-client-id"}
        sync.encryption_secret=${config.sops.placeholder."taskwarrior/sync-encryption-secret"}
      '';
    };
  };
 }
 // {
  warnings =
-    lib.optional (!sopsAvailable && config.programs.taskwarrior.enable)
+    lib.optional (!sops.available && config.programs.taskwarrior.enable)
      "taskwarrior is enabled, but sops templates are not available. taskwarrior sync will not be configured.";
  home.packages = with pkgs; [
@@ -27,7 +46,7 @@ in
  home.file = {
    ".config/task/taskrc" = {
-      force = true; # overwrite when present
+      force = true;
      source = dotsPath + "/.config/task/taskrc";
    };
    ".config/task/taskrc.d/aliases".source = dotsPath + "/.config/task/taskrc.d/aliases";
@@ -39,14 +58,6 @@ in
    ".local/share/task/hooks/on-exit.sync.py" = {
      source = dotsPath + "/.local/share/task/hooks/on-exit.sync.py";
    };
    ".local/share/task/hooks/on-add.limit.py" = {
      source = dotsPath + "/.local/share/task/hooks/on-add.limit.py";
      executable = true;
    };
    ".local/share/task/hooks/on-modify.limit.py" = {
      source = dotsPath + "/.local/share/task/hooks/on-modify.limit.py";
      executable = true;
    };
    ".local/share/task/scripts/sync-and-notify.sh" = {
      source = dotsPath + "/.local/share/task/scripts/sync-and-notify.sh";
      executable = true;
@@ -59,9 +70,10 @@ in
    colorTheme = "dark-256";
    config = {
      recurrence = "off";
      reserved.lines = 3; # without this I would have to scroll up 3 lines
    };
-    extraConfig = lib.optionalString sopsAvailable ''
+    extraConfig = lib.optionalString sops.available ''
-      include ${sopsTemplates."taskrc.d/sync".path}
+      include ${sops.templates."taskrc.d/sync".path}
    '';
  };
 }
--- a/home/modules/ticketing/default.nix
+++ b/home/modules/ticketing/default.nix
@@ -0,0 +1,7 @@
 { pkgs, ... }:
 {
  home.packages = with pkgs; [
    jira-cli-go
  ];
 }
--- a/home/modules/tmux/default.nix
+++ b/home/modules/tmux/default.nix
@@ -11,9 +11,5 @@
      enable = true;
      extraConfig = builtins.readFile (dotsPath + "/.config/tmux/tmux.conf");
    };
    home.file = {
      ".config/tmux/hooks/tmux.ssh.conf".source = dotsPath + "/.config/tmux/hooks/tmux.ssh.conf";
    };
  };
 }
--- a/home/modules/torrenting/default.nix
+++ b/home/modules/torrenting/default.nix
@@ -0,0 +1,21 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.torrenting;
 in
 {
  options.torrenting = {
    enable = lib.mkEnableOption "transmission torrent client";
  };
  config = lib.mkIf cfg.enable {
    home.packages = with pkgs; [
      transmission_4
    ];
  };
 }
--- a/home/modules/vscode/default.nix
+++ b/home/modules/vscode/default.nix
--- a/home/modules/waybar/default.nix
+++ b/home/modules/waybar/default.nix
@@ -1,68 +1,11 @@
 {
-  lib,
+  imports = [
-  ...
+    ./settings.nix
-}:
+    ./style.nix
  ];
 {
  programs.waybar = {
    enable = true;
-    settings = [
+    systemd.enable = true;
      {
        height = 16;
        spacing = 4;
        modules-left = [ "niri/workspaces" ];
        modules-right = [
          "pulseaudio"
          "memory"
          "cpu"
          "network"
          "clock"
          "battery"
        ];
        clock = {
          format = "W{:%V %d %b %H:%M}";
          tooltip-format = "{calendar}";
          format-alt = "{:%Y-%m-%d %H:%M:%S}";
        };
        battery = {
          bat = "BAT0";
          adapter = "ADP1";
          interval = 5;
          full-at = 99;
          states = {
            good = 80;
            warning = 20;
            critical = 10;
          };
          format = "{capacity}%--";
          format-charging = "{capacity}%++";
          format-plugged = "{capacity}%";
          format-alt = "{time} {power}W";
        };
        pulseaudio = {
          format = "VOL {volume}%";
          format-muted = "muted";
          on-click = "pavucontrol";
        };
        memory = {
          interval = 2;
          format = "RAM {percentage}%";
          format-alt = "RAM {used:0.1f}G/{total:0.1f}G";
        };
        cpu = {
          interval = 2;
          format = "CPU {usage}%";
          format-alt = "CPU {avg_frequency}GHz";
        };
        network = {
          interval = 5;
          format-wifi = "{ifname} {ipaddr} {essid}";
          format-ethernet = "{ifname} {ipaddr}";
          format-disconnected = "{ifname} disconnected";
          tooltip-format = "{ifname}: {ipaddr}/{cidr}";
        };
      }
    ];
    style = lib.readFile ./style.css;
  };
 }
--- a/home/modules/waybar/settings.nix
+++ b/home/modules/waybar/settings.nix
@@ -0,0 +1,59 @@
 {
  programs.waybar.settings = [
    {
      height = 16;
      spacing = 4;
      modules-left = [ "niri/workspaces" ];
      modules-right = [
        "pulseaudio"
        "memory"
        "cpu"
        "network"
        "clock"
        "battery"
      ];
      clock = {
        format = "W{:%V %d %b %H:%M}";
        tooltip-format = "{calendar}";
        format-alt = "{:%Y-%m-%d %H:%M:%S}";
      };
      battery = {
        bat = "BAT0";
        adapter = "ADP1";
        interval = 5;
        full-at = 99;
        states = {
          good = 80;
          warning = 20;
          critical = 10;
        };
        format = "{capacity}%--";
        format-charging = "{capacity}%++";
        format-plugged = "{capacity}%";
        format-alt = "{time} {power}W";
      };
      pulseaudio = {
        format = "VOL {volume}%";
        format-muted = "muted";
        on-click = "pavucontrol";
      };
      memory = {
        interval = 2;
        format = "RAM {percentage}%";
        format-alt = "RAM {used:0.1f}G/{total:0.1f}G";
      };
      cpu = {
        interval = 2;
        format = "CPU {usage}%";
        format-alt = "CPU {avg_frequency}GHz";
      };
      network = {
        interval = 5;
        format-wifi = "{ifname} {ipaddr} {essid}";
        format-ethernet = "{ifname} {ipaddr}";
        format-disconnected = "{ifname} disconnected";
        tooltip-format = "{ifname}: {ipaddr}/{cidr}";
      };
    }
  ];
 }
--- a/home/modules/waybar/style.nix
+++ b/home/modules/waybar/style.nix
@@ -0,0 +1,5 @@
 { lib, ... }:
 {
  programs.waybar.style = lib.readFile ./style.css;
 }
--- a/home/modules/zk/default.nix
+++ b/home/modules/zk/default.nix
@@ -0,0 +1,45 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.zk;
 in
 {
  options.zk = {
    enable = lib.mkEnableOption "zettelkasten";
    path = lib.mkOption {
      type = lib.types.str;
      default = config.home.homeDirectory + "/.zk";
      description = "Path to the zettelkasten directory";
    };
  };
  config = lib.mkIf cfg.enable {
    home = {
      sessionVariables.ZK_PATH = cfg.path;
      packages = [
        (pkgs.writeShellApplication {
          name = "zk";
          runtimeInputs = with pkgs; [ tmux ];
          text = builtins.readFile ./scripts/zk.sh;
        })
        (pkgs.writeShellApplication {
          name = "save-zk";
          runtimeInputs = with pkgs; [ git ];
          text = builtins.readFile ./scripts/save-zk.sh;
        })
        (pkgs.writeShellApplication {
          name = "setup-zk";
          runtimeInputs = with pkgs; [ gh ];
          text = builtins.readFile ./scripts/setup-zk.sh;
        })
      ];
    };
  };
 }
--- a/home/modules/zk/scripts/save-zk.sh
+++ b/home/modules/zk/scripts/save-zk.sh
@@ -0,0 +1,2 @@
 cd "$ZK_PATH" || { echo "No zettelkasten directory found"; exit 1; }
 git add . && git commit -m "Update" && git push
--- a/home/modules/zk/scripts/setup-zk.sh
+++ b/home/modules/zk/scripts/setup-zk.sh
@@ -0,0 +1,13 @@
 if [ ! -d "$ZK_PATH" ]; then
  echo "[zk] Setting up zettelkasten"
  gh repo clone zk "$ZK_PATH"
 else
  echo "[zk] Zettelkasten already set up."
 fi
 read -p "Would you like open your zettelkasten? [y/N] " -n 1 -r
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]; then
  $EDITOR "$ZK_PATH"
 fi
--- a/home/modules/zk/scripts/zk.sh
+++ b/home/modules/zk/scripts/zk.sh
@@ -1,8 +1,6 @@
-#!/usr/bin/env bash
+current_zettel_path="$(cat "$ZK_PATH/current-zettel.txt")"
-current_zettel_path="$ZK_PATH/$(cat "$ZK_PATH/current-zettel.txt")"
+if [ -n "${TMUX:-}" ]; then
 if [ "$TERM_PROGRAM" = tmux ]; then
  cd "$ZK_PATH" && $EDITOR "$current_zettel_path"
 else
  echo 'Not in tmux'
@@ -12,13 +10,9 @@ else
  read -r -p 'Enter your choice: ' choice
  case $choice in
    1)
-      # Check if a tmux session is running with a window named zk
+      if tmux has-session -t zk 2>/dev/null; then
-      if tmux list-windows -F '#{window_name}' | grep -q zk; then
+        tmux attach -t zk
        # Attach to the session containing the 'zk' window
        session="$(tmux list-windows -F '#{window_name} #{session_name}' | grep zk | head -n 1 | awk '{ print $2 }')"
        tmux attach -t "$session"
      else
        # Create session with a window named 'zk' and start nvim
        tmux new-session -s zk -n zk -d
        tmux send-keys -t zk:zk "cd $ZK_PATH && $EDITOR $current_zettel_path" Enter
        tmux attach -t zk
--- a/hosts/andromache/default.nix
+++ b/hosts/andromache/default.nix
@@ -7,62 +7,60 @@
 }:
 let
  username = "h";
  hostName = "andromache";
  wolInterfaces = import ./wol-interfaces.nix;
 in
 {
  imports = [
    inputs.disko.nixosModules.disko
    ../../modules/common
    ./hard.nix
    ./host.nix
    inputs.nixos-hardware.nixosModules.common-cpu-intel
    inputs.nixos-hardware.nixosModules.common-pc
    inputs.nixos-hardware.nixosModules.common-pc-ssd
-    inputs.sops-nix.nixosModules.sops
+    ../../modules/common
    ../../modules/boot/bootloader.nix
    (import ../../modules/disko/zfs-encrypted-root.nix {
      inherit lib config;
      device = "/dev/nvme1n1";
    })
-    ../../modules/desktops/niri
+    ../../modules/ai-tools
    ../../modules/anki
    ../../modules/audio
    ../../modules/backups
    ../../modules/bluetooth
-    ../../modules/gaming
+    ../../modules/desktops/niri
-    ../../modules/keyboard
+    ../../modules/docker
-    (import ../../modules/networking { inherit hostName; })
+    ../../modules/firewall
    ../../modules/users
    ../../modules/audio
    ../../modules/localization
    ../../modules/fonts
    ../../modules/gaming
    ../../modules/git
    ../../modules/hcloud
    ../../modules/keyboard
    ../../modules/localization
    ../../modules/networking
    ../../modules/nvidia
    ../../modules/secrets
    ../../modules/ssh
    ../../modules/storage
    ../../modules/stylix
    (import ../../modules/secrets { inherit lib inputs config; })
    ../../modules/docker
    ../../modules/syncthing
-    ../../modules/nvidia
+    ../../modules/tailscale
    ../../modules/taskwarrior
    ../../modules/users
    ../../modules/wol
    ../../modules/yubikey
  ];
-  home-manager.users.${username} = import ../../home/hosts/andromache {
+  home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
    inherit
      inputs
      config
      pkgs
      lib
      ;
  };
-  networking.hostName = hostName;
+  secrets.nixSigningKey.enable = true;
-  ssh.username = username;
+  restic-backup.enable = true;
-  ssh.authorizedHosts = [ "astyanax" ];
+  tailscale.enable = true;
-  secrets.username = username;
+  docker.enable = true;
  docker.user = username;
-  nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_andromache.path ];
+  hcloud.enable = true;
  disko.devices = {
    disk.data = {
@@ -94,7 +92,6 @@ in
  my.yubikey = {
    enable = false;
    inherit username;
    keys = [
      {
        handle = "<KeyHandle1>";
@@ -116,17 +113,15 @@ in
    package = pkgs.plocate;
  };
-  networking = {
+  networking.hostId = "80eef97e";
-    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
+
-    hostId = "80eef97e";
+  wol = {
-    interfaces = {
+    enable = true;
-      eno1 = {
+    interfaces.eno1 = { inherit (wolInterfaces.eno1) macAddress; };
        wakeOnLan.enable = true;
        inherit (wolInterfaces.eno1) macAddress;
      };
  };
  firewall = {
-      allowedUDPPorts = [ 9 ];
+    enable = true;
-    };
+    allowedTCPPorts = [ 22 ];
  };
 }
--- a/hosts/andromache/host.nix
+++ b/hosts/andromache/host.nix
@@ -0,0 +1,7 @@
 {
  host = {
    username = "h";
    highRam = true;
    admin = true;
  };
 }
--- a/hosts/andromache/meta.nix
+++ b/hosts/andromache/meta.nix
@@ -1,4 +1,9 @@
 {
-  deployment.tags = [ "local" ];
+  system = "x86_64-linux";
  deployment = {
    tags = [ "local" ];
    targetHost = "";
    targetUser = "h";
  };
  role = "desktop";
 }
--- a/hosts/andromache/system.nix
+++ b/hosts/andromache/system.nix
@@ -1 +0,0 @@
 "x86_64-linux"
--- a/hosts/astyanax/default.nix
+++ b/hosts/astyanax/default.nix
@@ -6,62 +6,57 @@
  ...
 }:
 let
  username = "h";
  hostName = "astyanax";
  wolInterfaces = import ../andromache/wol-interfaces.nix;
 in
 {
  imports = [
    inputs.disko.nixosModules.disko
    ../../modules/common
    ./hard.nix
    ./host.nix
    inputs.nixos-hardware.nixosModules.common-pc
    inputs.nixos-hardware.nixosModules.common-pc-ssd
    # inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel-gen7 (not available yet?)
    inputs.sops-nix.nixosModules.sops
    ../../modules/common
    ../../modules/boot/bootloader.nix
    (import ../../modules/disko/zfs-encrypted-root.nix {
      inherit lib config;
      device = "/dev/nvme0n1";
    })
-    ../../modules/desktops/niri
+    ../../modules/ai-tools
    ../../modules/anki
    ../../modules/audio
    ../../modules/audio-automation
    ../../modules/backups
    ../../modules/bluetooth
-    ../../modules/keyboard
+    ../../modules/desktops/niri
-    (import ../../modules/networking { inherit hostName; })
+    ../../modules/docker
-    ../../modules/users
+    ../../modules/firewall
    ../../modules/localization
    ../../modules/fonts
    ../../modules/git
    ../../modules/keyboard
    ../../modules/localization
    ../../modules/networking
    ../../modules/nfc
    ../../modules/secrets
    ../../modules/ssh
    ../../modules/storage
    ../../modules/stylix
-    (import ../../modules/secrets { inherit lib inputs config; })
+    ../../modules/tailscale
-    ../../modules/docker
+    ../../modules/taskwarrior
-    ../../modules/nfc
+    ../../modules/users
    ../../modules/yubikey
  ];
-  home-manager.users.${username} = import ../../home/hosts/astyanax {
+  home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
    inherit
      inputs
      config
      pkgs
      lib
      ;
  };
-  networking.hostName = hostName;
+  secrets.nixSigningKey.enable = true;
-  ssh.username = username;
+  restic-backup.enable = true;
-  ssh.authorizedHosts = [ "andromache" ];
+  tailscale.enable = true;
-
+  docker.enable = true;
-  secrets.username = username;
+  nfc.enable = true;
  docker.user = username;
  nfc.user = username;
  desktop.ly.enable = true;
-
+  audio.automation.enable = true;
  nix.settings.secret-key-files = [ config.sops.secrets.nix_signing_key_astyanax.path ];
  hardware = {
    cpu.intel.updateMicrocode = true;
@@ -92,12 +87,35 @@ in
  ];
  networking = {
    # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
    hostId = "80eef97e";
  };
  firewall = {
    enable = true;
    allowedTCPPorts = [ 22 ];
  };
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  my.yubikey = {
    enable = true;
    # inherit (config.host) username;
    # keys = [
    #   {
    #     handle = "<KeyHandle1>";
    #     userKey = "<UserKey1>";
    #     coseType = "<CoseType1>";
    #     options = "<Options1>";
    #   }
    #   {
    #     handle = "<KeyHandle2>";
    #     userKey = "<UserKey2>";
    #     coseType = "<CoseType2>";
    #     options = "<Options2>";
    #   }
    # ];
  };
  services = {
    fwupd.enable = true;
    locate = {
--- a/hosts/astyanax/host.nix
+++ b/hosts/astyanax/host.nix
@@ -0,0 +1,7 @@
 {
  host = {
    username = "h";
    highRam = true;
    admin = true;
  };
 }
--- a/hosts/astyanax/meta.nix
+++ b/hosts/astyanax/meta.nix
@@ -1,4 +1,9 @@
 {
-  deployment.tags = [ "local" ];
+  system = "x86_64-linux";
  deployment = {
    tags = [ "local" ];
    targetHost = "";
    targetUser = "h";
  };
  role = "laptop";
 }
--- a/hosts/astyanax/ssh_user.pub
+++ b/hosts/astyanax/ssh_user.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzP1PjIDb1tN9nhPOK88HYDtTNk9SN9ZpEem2id49Fa h@astyanax
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJApgl/+QaAtrg0OK5ihXasdcnDwzFo6qtHbgnqGFl25AAAABHNzaDo= h@astyanax
--- a/hosts/astyanax/system.nix
+++ b/hosts/astyanax/system.nix
@@ -1 +0,0 @@
 "x86_64-linux"
--- a/hosts/eetion-02/default.nix
+++ b/hosts/eetion-02/default.nix
@@ -1,27 +1,16 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 # Raspberry Pi 3
 # See <https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_3>
 let
  username = "h";
  hostName = "eetion-02";
 in
 {
  imports = [
    ./hard.nix
    ./host.nix
    ../../modules/common
    ../../modules/ssh
  ];
  ssh = {
    inherit username;
    publicHostname = "eetion-02";
    authorizedHosts = [
      "andromache"
      "astyanax"
    ];
  };
  boot = {
    kernelParams = [
      "console=ttyS1,115200n8"
@@ -38,7 +27,7 @@ in
  hardware.enableRedistributableFirmware = true;
  networking = {
-    inherit hostName;
+    hostName = config.host.name;
    networkmanager.enable = true;
    firewall = {
      enable = true;
@@ -51,7 +40,7 @@ in
  users.users = {
    root.hashedPassword = "!";
-    ${username} = {
+    ${config.host.username} = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
--- a/hosts/eetion-02/host.nix
+++ b/hosts/eetion-02/host.nix
@@ -0,0 +1,5 @@
 {
  host = {
    username = "h";
  };
 }
--- a/hosts/eetion-02/meta.nix
+++ b/hosts/eetion-02/meta.nix
@@ -1,4 +1,9 @@
 {
-  deployment.tags = [ "arm" ];
+  system = "aarch64-linux";
  deployment = {
    tags = [ "arm" ];
    targetHost = "eetion-02";
    targetUser = "h";
  };
  role = "embedded";
 }
--- a/hosts/eetion-02/system.nix
+++ b/hosts/eetion-02/system.nix
@@ -1 +0,0 @@
 "aarch64-linux"
--- a/hosts/eetion/default.nix
+++ b/hosts/eetion/default.nix
@@ -1,27 +1,19 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 # Orange Pi Zero2 H616
 # See <https://nixos.wiki/wiki/NixOS_on_ARM/Orange_Pi_Zero2_H616>
 let
  username = "h";
  hostName = "eetion";
 in
 {
  imports = [
    ./hard.nix
    ./host.nix
    ../../modules/common
    ../../modules/ssh
    ../../modules/tailscale
    # ../../modules/uptime-kuma
  ];
-  ssh = {
+  tailscale.enable = true;
    inherit username;
    publicHostname = "eetion";
    authorizedHosts = [
      "andromache"
      "astyanax"
    ];
  };
  boot.loader = {
    grub.enable = false;
@@ -29,7 +21,7 @@ in
  };
  networking = {
-    inherit hostName;
+    hostName = config.host.name;
    networkmanager.enable = true;
    firewall = {
      enable = true;
@@ -44,7 +36,7 @@ in
  users.users = {
    root.hashedPassword = "!";
-    ${username} = {
+    ${config.host.username} = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
@@ -57,19 +49,19 @@ in
      enable = true;
      passwordFile = "/etc/paperless-admin-pass";
      settings = {
-        PAPERLESS_URL = "http://paperless.eetion";
+        PAPERLESS_URL = "http://paperless.${config.host.name}";
      };
    };
    # added (OPNSense) domain override to make this work on LAN
    #
-    # host: eetion
+    # host: <host-name>
    # domain: <domain (e.g. lan)>
-    # ip address: <eetion-ip>
+    # ip address: <host-ip>
    #
    # host: paperless
-    # domain: eetion
+    # domain: <host-name>
-    # ip address: <eetion-ip>
+    # ip address: <host-ip>
    nginx = {
      enable = true;
      recommendedGzipSettings = true;
@@ -78,13 +70,13 @@ in
      recommendedTlsSettings = true;
      virtualHosts = {
-        "eetion" = {
+        "${config.host.name}" = {
          default = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:5006";
          };
        };
-        "paperless.eetion" = {
+        "paperless.${config.host.name}" = {
          locations."/" = {
            proxyPass = "http://127.0.0.1:28981";
          };
@@ -100,7 +92,13 @@ in
    oci-containers = {
      backend = "podman";
      containers.actualbudget = {
-        image = "docker.io/actualbudget/actual-server:latest-alpine";
+        image = "docker.io/actualbudget/actual-server:26.4.0-alpine";
        imageFile = pkgs.dockerTools.pullImage {
          imageName = "docker.io/actualbudget/actual-server";
          imageDigest = "sha256:996f3a59d297ec9699cb36ce558b61ab16d79c76763a5c3158d5387f71161499";
          sha256 = "sha256-81On59dSFBNeIjNJEm93b01EldYga2liiztXhjiVoj4=";
          finalImageTag = "26.4.0-alpine";
        };
        ports = [ "5006:5006" ];
        volumes = [ "/var/lib/actualbudget:/data" ];
      };
--- a/hosts/eetion/host.nix
+++ b/hosts/eetion/host.nix
@@ -0,0 +1,5 @@
 {
  host = {
    username = "h";
  };
 }
--- a/hosts/eetion/meta.nix
+++ b/hosts/eetion/meta.nix
@@ -1,4 +1,9 @@
 {
-  deployment.tags = [ "arm" ];
+  system = "aarch64-linux";
  deployment = {
    tags = [ "arm" ];
    targetHost = "eetion";
    targetUser = "h";
  };
  role = "embedded";
 }
--- a/hosts/eetion/system.nix
+++ b/hosts/eetion/system.nix
@@ -1 +0,0 @@
 "aarch64-linux"
--- a/hosts/hecuba/default.nix
+++ b/hosts/hecuba/default.nix
@@ -1,35 +1,24 @@
 {
  inputs,
  pkgs,
  config,
  ...
 }:
 # Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
 let
  username = "username";
  hostName = "hecuba";
 in
 {
  imports = [
    inputs.disko.nixosModules.disko
    ../../modules/common
    ./hard.nix
    ./host.nix
    ../../modules/common
    ../../modules/ssh
    ../../modules/docker
  ];
-  networking.hostName = hostName;
+  networking.hostName = config.host.name;
-  ssh = {
+  docker.enable = true;
    inherit username;
    publicHostname = "server.hektormisplon.xyz";
    authorizedHosts = [
      "andromache"
      "astyanax"
    ];
  };
  docker.user = username;
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
@@ -50,7 +39,7 @@ in
  users.users = {
    root.hashedPassword = "!";
-    username = {
+    ${config.host.username} = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
@@ -69,6 +58,7 @@ in
  environment.systemPackages = with pkgs; [
    vim
    git
    kitty.terminfo
  ];
  services.fail2ban = {
--- a/hosts/hecuba/host.nix
+++ b/hosts/hecuba/host.nix
@@ -0,0 +1,5 @@
 {
  host = {
    username = "username";
  };
 }
--- a/hosts/hecuba/meta.nix
+++ b/hosts/hecuba/meta.nix
@@ -1,4 +1,9 @@
 {
-  deployment.tags = [ "cloud" ];
+  system = "x86_64-linux";
  deployment = {
    tags = [ "cloud" ];
    targetHost = "server.hektormisplon.xyz";
    targetUser = "username";
  };
  role = "server";
 }
--- a/hosts/hecuba/system.nix
+++ b/hosts/hecuba/system.nix
@@ -1 +0,0 @@
 "x86_64-linux"
--- a/hosts/vm/default.nix
+++ b/hosts/vm/default.nix
@@ -1,44 +1,34 @@
 {
  lib,
  inputs,
  config,
  pkgs,
  ...
 }:
 let
  username = "h";
  hostName = "vm";
 in
 {
  imports = [
    inputs.disko.nixosModules.disko
    ../../modules/common
    ./hard.nix
-    inputs.sops-nix.nixosModules.sops
+    ./host.nix
    ./disk.nix
-    ../../modules/boot/bootloader.nix
+    ../../modules/common
-    ../../modules/keyboard
+    ../../modules/anki
    (import ../../modules/networking { inherit hostName; })
    ../../modules/users
    ../../modules/audio
-    ../../modules/localization
+    ../../modules/boot/bootloader.nix
    ../../modules/x
    ../../modules/fonts
    ../../modules/git
    ../../modules/keyboard
    ../../modules/localization
    ../../modules/networking
    ../../modules/ai-tools
    ../../modules/ssh
    ../../modules/storage
-    (import ../../modules/secrets {
+    ../../modules/stylix
-      inherit lib inputs config;
+    ../../modules/secrets
-    })
+    ../../modules/taskwarrior
    ../../modules/users
    ../../modules/x
  ];
-  home-manager.users.${username} = import ../../home/hosts/vm {
+  home-manager.users.${config.host.username} = import ../../home/hosts/vm;
    inherit inputs config pkgs;
  };
  networking.hostName = hostName;
  ssh.username = username;
  secrets.username = username;
  disko = {
    devices.disk.main = {
--- a/Show More
+++ b/Show More
`@@ -1,4 +1,4 @@`
	`# NixOS flake`	`# ❄️ NixOS flake`

	`## hosts`	`## hosts`
`@@ -1,3 +1 @@`
	`vim.opt.termguicolors = true`

	`require("nvim-highlight-colors").setup({})`	`require("nvim-highlight-colors").setup({})`
		`@@ -0,0 +1,2 @@`
							`vim.g.zk_path = os.getenv("ZK_PATH") or (os.getenv("HOME") .. "/.zk")`
							`return vim.g.zk_path`
		`@@ -0,0 +1,2 @@`
							`cd "$ZK_PATH" \|\| { echo "No zettelkasten directory found"; exit 1; }`
							`git add . && git commit -m "Update" && git push`
`@@ -1 +1 @@`
	`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzP1PjIDb1tN9nhPOK88HYDtTNk9SN9ZpEem2id49Fa h@astyanax`	`sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJApgl/+QaAtrg0OK5ihXasdcnDwzFo6qtHbgnqGFl25AAAABHNzaDo= h@astyanax`